Sna Server and Active Directory

  • Thread starter Thread starter Lamberti Mario
  • Start date Start date
L

Lamberti Mario

I have two sna server installed in my windows 2000
domain, sna1 (subdomain: snaenterprise, server
role:primary) on win2k dc and sna2 (subdomain:
snaenterprise, server role:secondary) on another win2k
dc. Can I switch my domain in native mode? Sna Server 4
support windows 2000 in native mode?
 
Dear Lamberti,

Thank you for your post.

My name is Laura and it is my pleasure to work with you on this post. I
understand that you would like to know whether SNA server support Windows
2000 native mode.

Based on my research, SNA currently does not support Kerberos
authentication as stated in KB article 262474. However, SNA server will
use the NTLM authentication mechanism in Windows 2000 mixed or native mode.
As for scenarios between NTLM and Kerberos (besides no support for
Kerberos), KB article 231789 provides another good explanation:

231789 Local Logon Process for Windows 2000
http://support.microsoft.com/?id=231789

When you log on to a computer running Windows 2000 Professional or Server,
Windows 2000 uses two authentication procedures to log you on locally.
Windows attempts to use Kerberos as the primary source of user
authentication. If the Key Distribution Center (KDC) service is not found
for Kerberos authentication, then Windows uses Windows NT LanManager(NTLM)
security to authenticate users in the local Security Accounts Manager (SAM)
database. KDC is a service that runs on all domain controllers and works
with Active Directory and Kerberos security authentication services. If the
KDC service is not available when you log on to your computer, Kerberos
cannot authenticate the user. Windows 2000 uses the NTLM security system
for compatibility with earlier versions of Windows NT.

If you have any further questions or concerns, please feel free to let us
know.

Have a nice day!

Best regards,

Laura Zhang
Microsoft Online Support Engineer
Get Secure! - <www.microsoft.com/security>
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
| Content-Class: urn:content-classes:message
| From: "Lamberti Mario" <[email protected]>
| Sender: "Lamberti Mario" <[email protected]>
| Subject: Sna Server and Active Directory
| Date: Tue, 2 Sep 2003 08:11:08 -0700
| Lines: 6
| Message-ID: <[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Thread-Index: AcNxZG+/Zlh0LD/4RmaCnXKxTCbJPw==
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Newsgroups: microsoft.public.win2000.active_directory
| Path: cpmsftngxa06.phx.gbl
| Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.active_directory:46040
| NNTP-Posting-Host: TK2MSFTNGXA11 10.40.1.163
| X-Tomcat-NG: microsoft.public.win2000.active_directory
|
| I have two sna server installed in my windows 2000
| domain, sna1 (subdomain: snaenterprise, server
| role:primary) on win2k dc and sna2 (subdomain:
| snaenterprise, server role:secondary) on another win2k
| dc. Can I switch my domain in native mode? Sna Server 4
| support windows 2000 in native mode?
|
 
Thanks a lot Laura you are very kind.
I have read kb articles and I suppose that Sna Server run
in windows 2000 native mode.
-----Original Message-----
Dear Lamberti,

Thank you for your post.

My name is Laura and it is my pleasure to work with you on this post. I
understand that you would like to know whether SNA server support Windows
2000 native mode.

Based on my research, SNA currently does not support Kerberos
authentication as stated in KB article 262474. However, SNA server will
use the NTLM authentication mechanism in Windows 2000 mixed or native mode.
As for scenarios between NTLM and Kerberos (besides no support for
Kerberos), KB article 231789 provides another good explanation:

231789 Local Logon Process for Windows 2000
http://support.microsoft.com/?id=231789

When you log on to a computer running Windows 2000 Professional or Server,
Windows 2000 uses two authentication procedures to log you on locally.
Windows attempts to use Kerberos as the primary source of user
authentication. If the Key Distribution Center (KDC) service is not found
for Kerberos authentication, then Windows uses Windows NT LanManager(NTLM)
security to authenticate users in the local Security Accounts Manager (SAM)
database. KDC is a service that runs on all domain controllers and works
with Active Directory and Kerberos security
Click to expand...
authentication services. If the
 
Dear Lamberti,

Thank you for your update. I am glad that the information is helpful.

Have a nice day!

Best regards,

Laura Zhang
Microsoft Online Support Engineer
Get Secure! - <www.microsoft.com/security>
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Content-Class: urn:content-classes:message
| From: "Lamberti Mario" <[email protected]>
| Sender: "Lamberti Mario" <[email protected]>
| References: <[email protected]>
<#[email protected]>
| Subject: RE: Sna Server and Active Directory
| Date: Wed, 3 Sep 2003 02:28:45 -0700
| Lines: 104
| Message-ID: <[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Thread-Index: AcNx/cW2hCpGKM7eRLC93Q6gUrZnww==
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Newsgroups: microsoft.public.win2000.active_directory
| Path: cpmsftngxa06.phx.gbl
| Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.active_directory:46163
| NNTP-Posting-Host: TK2MSFTNGXA11 10.40.1.163
| X-Tomcat-NG: microsoft.public.win2000.active_directory
|
| Thanks a lot Laura you are very kind.
| I have read kb articles and I suppose that Sna Server run
| in windows 2000 native mode.
| >-----Original Message-----
| >Dear Lamberti,
| >
| >Thank you for your post.
| >
| >My name is Laura and it is my pleasure to work with you
| on this post. I
| >understand that you would like to know whether SNA
| server support Windows
| >2000 native mode.
| >
| >Based on my research, SNA currently does not support
| Kerberos
| >authentication as stated in KB article 262474. However,
| SNA server will
| >use the NTLM authentication mechanism in Windows 2000
| mixed or native mode.
| > As for scenarios between NTLM and Kerberos (besides no
| support for
| >Kerberos), KB article 231789 provides another good
| explanation:
| >
| >231789 Local Logon Process for Windows 2000
| >http://support.microsoft.com/?id=231789
| >
| >When you log on to a computer running Windows 2000
| Professional or Server,
| >Windows 2000 uses two authentication procedures to log
| you on locally.
| >Windows attempts to use Kerberos as the primary source
| of user
| >authentication. If the Key Distribution Center (KDC)
| service is not found
| >for Kerberos authentication, then Windows uses Windows
| NT LanManager(NTLM)
| >security to authenticate users in the local Security
| Accounts Manager (SAM)
| >database. KDC is a service that runs on all domain
| controllers and works
| >with Active Directory and Kerberos security
| authentication services. If the
| >KDC service is not available when you log on to your
| computer, Kerberos
| >cannot authenticate the user. Windows 2000 uses the NTLM
| security system
| >for compatibility with earlier versions of Windows NT.
| >
| >If you have any further questions or concerns, please
| feel free to let us
| >know.
| >
| >Have a nice day!
| >
| >Best regards,
| >
| >Laura Zhang
| >Microsoft Online Support Engineer
| >Get Secure! - <www.microsoft.com/security>
| >=====================================================
| >When responding to posts, please "Reply to Group" via
| your newsreader so
| >that others may learn and benefit from your issue.
| >=====================================================
| >This posting is provided "AS IS" with no warranties, and
| confers no rights.
| >
| >
| >--------------------
| >| Content-Class: urn:content-classes:message
| >| From: "Lamberti Mario" <[email protected]>
| >| Sender: "Lamberti Mario" <[email protected]>
| >| Subject: Sna Server and Active Directory
| >| Date: Tue, 2 Sep 2003 08:11:08 -0700
| >| Lines: 6
| >| Message-ID: <[email protected]>
| >| MIME-Version: 1.0
| >| Content-Type: text/plain;
| >| charset="iso-8859-1"
| >| Content-Transfer-Encoding: 7bit
| >| X-Newsreader: Microsoft CDO for Windows 2000
| >| Thread-Index: AcNxZG+/Zlh0LD/4RmaCnXKxTCbJPw==
| >| X-MimeOLE: Produced By Microsoft MimeOLE
| V5.50.4910.0300
| >| Newsgroups: microsoft.public.win2000.active_directory
| >| Path: cpmsftngxa06.phx.gbl
| >| Xref: cpmsftngxa06.phx.gbl
| microsoft.public.win2000.active_directory:46040
| >| NNTP-Posting-Host: TK2MSFTNGXA11 10.40.1.163
| >| X-Tomcat-NG: microsoft.public.win2000.active_directory
| >|
| >| I have two sna server installed in my windows 2000
| >| domain, sna1 (subdomain: snaenterprise, server
| >| role:primary) on win2k dc and sna2 (subdomain:
| >| snaenterprise, server role:secondary) on another win2k
| >| dc. Can I switch my domain in native mode? Sna Server
| 4
| >| support windows 2000 in native mode?
| >|
| >
| >.
| >
|
 
Back
Top