How Logon Agent identifies users

When users on supported Mac or Windows clients log on to a Windows domain, the logon application is invoked.

Steps

  1. The logon application contacts Logon Agent via HTTP.
  2. Logon Agent responds with an NTLM authentication challenge, and the logon application answers with the user name, a hashed (not plaintext) password, and the client's IP address.
  3. Logon Agent verifies the user name/password combination by establishing a session with the domain controller. (Logon Agent first contacts User Service to determine which domain controller is the logon source.)
  4. Once the credentials are verified, Logon Agent sends the user name/IP address pair to Filtering Service and adds the same entry to the user map it keeps in local memory. That user map is periodically written to a backup file, AuthServer.bak.
  5. Filtering Service records the user name/IP address pairs in its own in-memory copy of the user map. Filtering Service never receives confidential information such as user passwords; it sees only the user name/IP address mapping.

Next steps

If you use both Logon Agent and DC Agent, Logon Agent takes precedence. DC Agent communicates a logon session to Filtering Service only in the unlikely event that Logon Agent has missed one.
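The following is an added illustration of the user map behaviour described in steps 3 to 5 and of the Logon Agent/DC Agent precedence rule above. It is not Websense code: the class and function names, the JSON layout of the backup file, and the simple dictionary standing in for the domain controller are all assumptions chosen to mirror the prose. The NTLM exchange itself is not modelled; the stand-in verifier only answers yes or no for a user name/password pair, which is all the user map needs from it.

```python
"""Toy model of the Logon Agent user map and the DC Agent fallback rule.

Added example, not product code. Assumptions: a Logon Agent entry for an IP
address is authoritative; a DC Agent entry is accepted only for an IP address
that Logon Agent has not identified; the backup file and the copy handed to
Filtering Service carry user name/IP pairs only, never a password.
"""
import json
import os
import tempfile
from dataclasses import asdict, dataclass

LOGON_AGENT = "logon_agent"
DC_AGENT = "dc_agent"

# Constructed stand-in for the domain controller session in step 3.
# The real product verifies via NTLM against the logon-source DC.
DIRECTORY = {"CORP\\alice": "correct horse", "CORP\\bob": "battery staple"}


def domain_verify(user, password):
    """Hypothetical verifier: True only for a known user name/password pair."""
    return DIRECTORY.get(user) == password


@dataclass(frozen=True)
class LogonRecord:
    user: str    # DOMAIN\user as supplied by the logon application
    ip: str      # client IP address the user logged on from
    source: str  # which agent produced the mapping


class UserMap:
    def __init__(self, backup_path):
        self._by_ip = {}
        self._backup_path = backup_path  # the product uses AuthServer.bak

    def record_logon_agent(self, user, password, ip, verify=domain_verify):
        # Step 3: reject the mapping unless the credentials check out.
        if not verify(user, password):
            return False
        # Step 4: keep only user name and IP; the password is discarded here.
        self._by_ip[ip] = LogonRecord(user, ip, LOGON_AGENT)
        return True

    def record_dc_agent(self, user, ip):
        # Next steps: DC Agent only fills a gap Logon Agent left.
        existing = self._by_ip.get(ip)
        if existing is not None and existing.source == LOGON_AGENT:
            return False
        self._by_ip[ip] = LogonRecord(user, ip, DC_AGENT)
        return True

    def lookup(self, ip):
        rec = self._by_ip.get(ip)
        return (rec.user, rec.source) if rec else None

    def export_for_filtering_service(self):
        # Step 5: Filtering Service receives user name/IP pairs and nothing else.
        return {ip: rec.user for ip, rec in self._by_ip.items()}

    def save_backup(self):
        # Step 4: periodic snapshot of the in-memory map, written atomically.
        tmp = self._backup_path + ".tmp"
        with open(tmp, "w", encoding="utf-8") as f:
            json.dump([asdict(rec) for rec in self._by_ip.values()], f)
        os.replace(tmp, self._backup_path)

    @classmethod
    def load_backup(cls, backup_path):
        m = cls(backup_path)
        with open(backup_path, encoding="utf-8") as f:
            for d in json.load(f):
                m._by_ip[d["ip"]] = LogonRecord(**d)
        return m


def run_scenario():
    """Walk through the flow with constructed logons and report what happened."""
    with tempfile.TemporaryDirectory() as tmpdir:
        path = os.path.join(tmpdir, "AuthServer.bak")
        m = UserMap(path)
        r = {}
        r["bad_password_rejected"] = m.record_logon_agent("CORP\\alice", "wrong", "10.0.0.5")
        r["alice_accepted"] = m.record_logon_agent("CORP\\alice", "correct horse", "10.0.0.5")
        # DC Agent reports a different user for an IP Logon Agent already identified.
        r["dc_agent_ignored_for_alice"] = m.record_dc_agent("CORP\\mallory", "10.0.0.5")
        # DC Agent reports a logon Logon Agent missed; that one is accepted.
        r["dc_agent_fills_gap"] = m.record_dc_agent("CORP\\bob", "10.0.0.9")
        # A later verified Logon Agent entry for the same IP takes precedence.
        r["logon_agent_overrides_dc"] = m.record_logon_agent("CORP\\bob", "battery staple", "10.0.0.9")
        m.save_backup()
        restored = UserMap.load_backup(path)
        r["restored_export"] = restored.export_for_filtering_service()
        with open(path, encoding="utf-8") as f:
            r["backup_mentions_password"] = "correct horse" in f.read()
        return r


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The point to check in a real deployment is the last two results: what Filtering Service receives and what lands in the backup file should contain user name/IP pairs only. If a password ever appears in either, the agent is leaking credentials it was only supposed to verify.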