��

Select the product you need help with

�� Windows Server 2003, Windows XP � Windows 2000

�� : 103390 - �� , � �� .

��: ��

��

�� | ��

��

�� , �� , �� Windows �� NTLM. �� (SMB) ��, �� , �� , �� NTLM. �� . � �� Windows �� .

�� | ��

�� Kerberos �� , �� NTLM. �� -�� Microsoft TechNet Web:

http://technet2.Microsoft.com/WindowsServer/en/Library/f5c70774-25cd-4481-8b7a-3d65c86e69b11033.mspx

(http://technet2.microsoft.com/WindowsServer/en/Library/f5c70774-25cd-4481-8b7a-3d65c86e69b11033.mspx)

��, �� . �� , �� .

��

�� Server 2003, �� Windows XP �� Windows 2000 �� , �� , �� (SMB). �� SMB � �� , �� NetBIOS �� (NetBEUI) �� TCP/IP. ��, �� NET USE �� SMB �� X�.

� Windows, �� SMB �� , ��-�� . �� , �� NET USE ��.

��

�� Windows �� :

   NET USE x: \\server\share

�� Windows �� SMB �� , �� .

�� , �� SMB. �� , �� :

    It checks its own domain database or computer database for
        a matching account.
    If it finds a matching account then
        The SMB password is compared to the domain database password or the computer database password.
        If  the password matches then
            The command completed successfully.
        If  the password does NOT match then
            The user is prompted for a password.
                The password is retested as above.
            System error 1326 has occurred. Logon failure: unknown
            user name or bad password.
        End
    If  it does NOT find the account in the domain Security Accounts Manager (SAM) database or computer SAM database then
        Guest permissions are tested.
        If  the guest account is enabled
            The command completed successfully.
        If  the guest account is disabled
            (* See Note a).
            The user is prompted for a password.
            System error 1326 has occurred. Logon failure:
                unknown user name or bad password.
        End

�� , �� SMB � �� , �� , �� :

    The server will do pass-through authentication. The
        network logon request will be sent to a server that has a domain controller role in the
        specified trusted domain.

�� , �� :

The trusted domain controller checks its own domain database
for a matching account.
If the trusted domain controller finds a matching account, then
NOT for Windows 2000 and later versions:
It determines whether the account is a local or global account.
If the account is local, then
Guest permissions on the original server are tested.
If the guest account is enabled
The command completed successfully.
If the guest account is disabled
(* See Note a) The user is prompted for a password.
System error 1326 has occurred. Logon failure:
unknown user name or bad password.
End
If the account is global (the only option for Active Directory)
The SMB password is compared to the domain database
password.
If the password matches, then
The command completed successfully.
(* See Note b)
If the password does NOT match, then
The user is prompted for a password.
The password is retested as above.
System error 1326 has occurred. Logon failure:
unknown user name or bad password.
End
If the trusted domain controller does NOT find the account in the trusted domain controller
database, then
Guest permissions are tested on the original server, not the trusted domain. (* See Note c)
If the guest account is enabled
The user will have original server guest access.
The command completed successfully.
If the guest account is disabled
(* See Note a) The user is prompted for a password.
System error 1326 has occurred. Logon failure:
unknown user name or bad password.
End

�� , �� SMB �� , �� , �� , �� :

    It  will check its own account database for
        a matching account
    If  the server finds a matching account, then
        The SMB password is compared to the domain database password or the computer database password.
        If  the password matches, then
            The command completed successfully.
        If  the password does NOT match, then
            The user is prompted for a password.
                The password is retested as above.
            System error 1326 has occurred. Logon failure: unknown
            user name or bad password.
    End
    If  it does NOT find the account in the domain database then
        guest permissions are tested.
        If  the guest account is enabled
            The command completed successfully.
        If  the guest account is disabled
            System error 1326 has occurred. Logon failure:
            unknown user name or bad password.
    End

�� , �� SMB NULL, �� , �� :

The server will treat this a local network logon. The server
will test for a matching account in its own database.
If it finds a matching account, then
The SMB password is compared to the SAM database password.
If the password matches, then
The command completed successfully.
If the password does NOT match, then
The user is prompted for a password.
The password is retested as above.
System error 1326 has occurred. Logon failure: unknown
user name or bad password.
End
If it does NOT find the account in the local SAM database AND
LsaLookupRestrictIsolatedNameLevel=0, then (* See Note d)
The server will simultaneously ask each domain that it trusts whether it has account that
matches the SMB account.
The first trusted domain to reply is sent a request to
perform pass-through authentication of the client
information.
The trusted domain will look in its own database.
If an account that matches the SMB account is found, then
The trusted domain determines whether the account is a local or global
account.
Not for Windows 2000 and later versions:
If the account is local then
Guest permissions on the original server are tested.
If the guest account is enabled
The command completed successfully.
If the guest account is disabled
The user will be prompted for a password.
Regardless of what password is entered, the user will receive
"Error 5: Access has been denied."
End
If the account is global (the only option for Active Directory)
The password that was specified in the SMB is compared
to the SAM database password.
If the password matches, then
The command completed successfully.
If the password does NOT match, then
The user is prompted for a password.
The password is retested as above.
System error 1326 has occurred. Logon failure:
unknown user name or bad password.
End
If no trusted domains respond to the request to identify the
account, then
Guest permissions are tested on the original server,
not the trusted server.
If the guest account is enabled
The command completed successfully.
If the guest account is disabled
System error 1326 has occurred. Logon failure:
unknown user name or bad password.
End

��

�� , �� -�� . �� , �� , �� -�� . �� , �� , �� , � �� . �� , �� .
�� : �� SID ��, �� , �� , �� , KickOffTime, �� LastSet �� , ��, �� , �� , �� , � �� .
�� .
�� , �� LsaLookupRestrictIsolatedNameLevel �� Microsoft �� :
818024
(http://support.microsoft.com/kb/818024/ )
�� , �� LsaLookupRestrictIsolatedNameLevel

�� .
�� , �� , �� .
�� .�� :
102716
(http://support.microsoft.com/kb/102716/ )
�� NTLM �� Windows
�� , �� Windows Server 2003, Windows XP � Windows 2000. �� (BLOB), �� . � �� BLOB �� , �� .
� �� Microsoft.
�� , �� , �� , �� . �� Windows Server 2003, Windows XP � Windows 2000. �� , �� , �� SMB �� , �� .

��

�� .

�� 1.

�� . �� NET USE \\SCRATCH �� . �� NET USE \\NET �� , �� , �� :

�� 1326 �� . �� : �� .

\SCRATCH-DOMAIN\USER1 �� \\NET.

�� � �� , �� .

��

�� .

  -Login account: USER1
  -Password:      PSW1
  -Login Domain:  LOCAL1

�� Active Directory:

  -Server Name: NET</WWITEM>
  -Domain:      NET-DOMAIN</WWITEM>
  -Trust:       NET-DOMAIN Trust SCRATCH-DOMAIN (Therefore,
                accounts on SCRATCH-DOMAIN can be granted permissions 
                in the NET- DOMAIN).

� NET ��:

� �� NET �� USER1.
�� .

Windows Server 2003:

  -Server Name:                       SCRATCH
  -Domain:                            SCRATCH-DOMAIN
  -Domain Database contains account:  USER1
  -Domain Database contains password: PSW1

� �� .

�� 2.

�� NET USE x: \\NET\share �� :

� �� SMB �� :
�� = �USER1�
�� = �psw1�
�� = �local1�
�� \\NET �� SMB � �� .
�� .
�� SMB.
�� local1� ��, �� .
�� .
�� 1326 �� . �� : �� . "�� .

�� 3

�� NET USE x: \\SCRATCH\share�� :

� �� SMB �� :
�� = �USER1�
�� = �psw1�
�� = �local1�
�� \\SCRATCH �� SMB � �� .
�� .
�� SMB �� .
�� . �� "�� .

� �� 2 � 3 �� . �� NET USE x: \\NET\share �� .

�� . �� , �� , �� . �� , �� NET USE-�� . �� . Windows Server 2003 �� , �� Windows XP, � �� Windows 2000 �� , �� .

��

�� , �� . �� , �� :

NET USE X: \\NET\SHARE /USER:SCRATCH-PSW1 ��\��1

� �� true:

  - \\NET = The computer name of the domain controller being accessed.
  - \SHARE = The share name.
  - /USER: command line parameter that lets you specify the domain,
    account and password that should be specified in the "Session Setup"
    SMB.
  - SCRATCH-DOMAIN = Domain name of the domain where the user
    account resides.
  - \USER1 = account to be validated against.
  - PSW1 = password that matches account on the domain.

�� :

NET USE /?

�� NULL, ��

Microsoft SMB ��, � Windows Server 2003, Windows XP � Windows 2000 �� NULL �� " �� SMB [x 73]" SMB. � �� SMB-�� , �� , � �� NULL, �� NET USE ��. � Microsoft SMB-�� 1.