[cvsnt] Re: SSPI Problems

[Tony Hoyle]

Bob Provencher wrote:
> Well, I'm pretty experienced at developing for NT security and Active
> Directory.  Domains are very relevant when talking about logins.  I don't
> think LSA simply looks in it's own user database for an account with the
> same username/password as the incoming one.

For SSPI it'll look up based on the domain and the username even on a 
non-domain machine, since the DOMAIN\Username is translated to a SID 
which contains both.

The user also needs network login rights to the machine of course, and 
the account must be enabled etc.

Switching on auditing will usually tell you what the problem is.

The one glitch is logging in from XP Home or a machine with 'simple file 
sharing' enabled, since this screws up the authentication by forcing 
every login to the guest account... this affects everything not just 
cvsnt though (there are workarounds in the code to counteract this 
effect but I'm not sure they work all the time).

Tony