[10813] in bugtraq
Re: Bug in WTS 4.0 on WinNT 4.0 sp4
daemon@ATHENA.MIT.EDU (Bill Stout)
Sat Jun 12 17:20:48 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Message-Id: <DD2F465621EED21183DF0090275CD319053318@main.aristasoft.com>
Date: Fri, 11 Jun 1999 12:57:48 -0700
Reply-To: Bill Stout <Bill.Stout@ARISTASOFT.COM>
From: Bill Stout <Bill.Stout@ARISTASOFT.COM>
To: BUGTRAQ@NETSPACE.ORG
-----Original Message-----
From: mRm3n4c3 [mailto:mistr@MARMELADE.NET]
<snip>
>If you log on to the WTS and type the wrong password more than three times,
>then your account gets locked out. BUT, if you choose to continue trying
>anyway, and after some time manage to type in the correct password, the WTS
>will let you log on as an 'anonymous user' account, using either a locally
>stored profile or a default profile.
</snip>
It appears to be working like it should. The 'Anonymous User' accounts are
local guest accounts on the Citrix server.
If you log on using only username/password, the correct behaviour is for NT
to scan the local users for the username, then the domain. A failed logon
using username/password only would traditionally use the 'guest' account.
Extract from http://support.microsoft.com/support/kb/articles/q103/3/90.asp:
"If the Domain specified in the SMB is NULL [None specified] then
   The Advanced Server will treat this a local network logon. It
   will check for a matching account in its own SAM Database.
   If it finds a matching account then
      The SMB password is compared to the SAM Database password.
      If the password matches then
         The Command Completed Successfully.
      If the password does NOT match then
         The User is prompted for a password.
         It is retested as above.
         System error 1326 has occurred. Logon failure: unknown
         user name or bad password.
      End
   If it does NOT find the account in the local SAM Database then
      The Advanced Server will Simultaneously ask another Advanced
      Server in each Domain that it Trusts if it has account that
      matches the SMB account.
      <snip>
      If no Trusted Domains respond to request to identify the
      account then
         Guest permissions are tested on the Original Advanced Server -
         not the Trusted server.
         If the Guest account is Enabled
            The Command Completed Successfully.
         If the Guest account is Disabled
            System error 1326 has occurred. Logon failure:
            unknown user name or bad password.
      End
"
Bill Stout
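
The decision flow in the KB extract above, modelled as an added example (not part of the original message and not Microsoft's code), showing how the Guest setting alone decides the outcome for an account nobody recognises. The Server class, account names and passwords are constructed; the trusted-domain branch that the extract snips is an assumption.

```python
from dataclasses import dataclass, field

LOGON_OK = 0
ERROR_LOGON_FAILURE = 1326  # "Logon failure: unknown user name or bad password"


@dataclass
class Server:
    """Hypothetical stand-in for the server receiving the SMB logon."""
    local_sam: dict          # username -> password (plaintext only for illustration)
    guest_enabled: bool
    trusted_domains: dict = field(default_factory=dict)  # domain -> {username: password}


def network_logon(server, username, password):
    """Logon with no domain specified; returns (status, effective identity)."""
    # Step 1: the server checks its own SAM database first.
    if username in server.local_sam:
        if server.local_sam[username] == password:
            return (LOGON_OK, username)
        # The re-prompt and retest in the extract is collapsed to one attempt.
        return (ERROR_LOGON_FAILURE, None)

    # Step 2: not a local account, so each trusted domain is asked.
    # Assumption: a domain that knows the account validates the password
    # itself (the quoted extract snips this branch).
    for domain, accounts in server.trusted_domains.items():
        if username in accounts:
            if accounts[username] == password:
                return (LOGON_OK, domain + "\\" + username)
            return (ERROR_LOGON_FAILURE, None)

    # Step 3: no one identified the account; Guest on the original server
    # decides. The supplied password plays no part in this branch.
    if server.guest_enabled:
        return (LOGON_OK, "Guest")
    return (ERROR_LOGON_FAILURE, None)


def compare_guest_setting(username, password):
    """Run the same logon against two servers that differ only in Guest."""
    sam = {"alice": "constructed-pw-1"}
    domains = {"CORP": {"carol": "constructed-pw-2"}}
    weak = Server(dict(sam), guest_enabled=True, trusted_domains=domains)
    hardened = Server(dict(sam), guest_enabled=False, trusted_domains=domains)
    return (network_logon(weak, username, password),
            network_logon(hardened, username, password))


if __name__ == "__main__":
    for user, pw in [("alice", "constructed-pw-1"), ("alice", "wrong"),
                     ("carol", "constructed-pw-2"), ("nobody", "anything")]:
        print(user, compare_guest_setting(user, pw))
```

Only the last case differs between the two servers: with Guest enabled an unrecognised username is accepted as Guest, with Guest disabled it fails with error 1326.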