Domain name not required for authentication?
-
Hi guys,
I just setup a Windows 2016 server as DC & File server to do a demo for a customer. In the process I was setting up a few shares and noticed that from Windows or Mac I was able to authenticate with the server with just a username instead of DOMAIN\username. If said server is running as DC, shouldn't the domain name be required for authentication?
-
I take it that the clients were not members of that same domain?
-
@wrx7m That's correct. Neither were members.
-
That is interesting. I can't think of any reason why that would work.
-
Maybe it defaults to the domain finally.
-
@scottalanmiller But how does the Mac client know it is authenticating to a domain?
Edit: Or do you mean that the Windows server assumes that the username and pass go with the domain that it is running?
-
Ok, I just logged into two BDR boxes at customer sites, and I was able to login to the main file servers (one 2012r2, the other 2016) at both locations with domain admin credentials with no domain name. Neither BDR box is a member of the domain. Maybe this has been this way for a while and I haven't noticed?
-
@frodooftheshire News to me.
-
@wrx7m said in Domain name not required for authentication?:
@scottalanmiller But how does the Mac client know it is authenticating to a domain?
Edit: Or do you mean that the Windows server assumes that the username and pass go with the domain that it is running?
Right, my guess is that Windows takes the domain as the default rather than the local. It's basically the obvious default, it just wasn't there before.
-
I have seen this work like this for a long while. But it can be weird because I've seen it fail too. If the client in question don't present some time of machine/domain name automatically, I think the domain auth will just assume the domain that's being authenticated against and if an account matches it tries the password.. but, if the client does pass along machine/domain type info, of course it fails if it doesn't match.
