From: Daniel Miessler (daniel@dmiessler.com)
Date: Sun Oct 30 2005 - 05:17:54 EST
On Sep 24, 2005, at 4:11 PM, Thor (Hammer of God) wrote:
> Rather than getting into how the basic client-server authentication
> netlogon protocols are vastly different than IPSec channels, please
> just answer one of the following questions. I'll try to make them
> very simple.
>
> Scenario: You've got an XP Pro laptop on the Windows network
> logged on with local credentials. A network resource on a Win2k
> server somewhere is accessed, requiring new credentials be entered
> to access the resource. Please tell us exactly how you force the
> client and server to use "IPSec based auth" to authenticate the
> request as opposed to LM, NTLM, or NTLMv2.
Here, let me try:
The issue here is simple: we're trying to authenticate to a Windows
system, and IPSEC "authentication" is used to authenticate IPSEC
peers, not Windows users. An analogy would be a situation in which
authentication is needed for both a secret road to get to work, and
then also to enter the building at work. The road authentication
doesn't necessarily work for the building. ;)
-- Daniel R. Miessler M: daniel@dmiessler.com W: http://dmiessler.com G: 0x316BC712
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:06 EDT