Home

Results 1 to 7 of 7

Thread: Contextless login and Citrix

Hybrid View

  1. #1
    Kenny Anderson NNTP User

    Contextless login and Citrix

    v4.91 client on Windows 2003 & Presentation Server 4.0. It seems the
    LDAP contextless login feature of the client only works "interactively"
    - i.e. the TAB key is pressed or mouse is used to move from username to
    password field. This means contextless login when passing authentication
    details from CTXGina.dll to NWGina.dll doesn't work - there's no LDAP
    lookup until the user changes something.

    Are there any plans to modify lgncxw32.dll so that an LDAP search is
    done if credentials are already passed through from another GINA?


  2. #2
    Graham Prentice NNTP User

    Re: Contextless login and Citrix

    A work-around is to edit the default NW client location profile to be
    blank - untick save profile after successful login. Each new user will
    have to enter their login name to the blank field upon login to Citrix.
    Graham
    "Kenny Anderson" <KAnderson@REMOVEbcwgroup.com> wrote in message
    news:6Lm9f.2262$OC3.2037@prv-forum2.provo.novell.com...
    > v4.91 client on Windows 2003 & Presentation Server 4.0. It seems the
    > LDAP contextless login feature of the client only works "interactively"
    > - i.e. the TAB key is pressed or mouse is used to move from username to
    > password field. This means contextless login when passing authentication
    > details from CTXGina.dll to NWGina.dll doesn't work - there's no LDAP
    > lookup until the user changes something.
    >
    > Are there any plans to modify lgncxw32.dll so that an LDAP search is
    > done if credentials are already passed through from another GINA?
    >




  3. #3
    Kenny Anderson NNTP User

    Re: Contextless login and Citrix

    Graham Prentice wrote:
    > A work-around is to edit the default NW client location profile to be
    > blank - untick save profile after successful login. Each new user will
    > have to enter their login name to the blank field upon login to Citrix.


    Thanks Graham - I hadn't thought of it. Of course, this means another
    occasion where the user is prompted to enter their name and password,
    which we're trying to do away with as much as possible.

    I'm hoping such a simple change to the invocation order in the GINA will
    make it to a FTF any day ... or am I being optimistic?

  4. #4
    Graham Prentice NNTP User

    Re: Contextless login and Citrix

    I believe Citrix has full NDS support - you may want to try the Citrix
    forums about this.
    We use Metaframe XP with nfuse - we also use username & password twice - it
    is a little inconvienent but works nicely. (I think the remote home users
    see it as more secure)
    When we orig set it up - there was NW contextless support back then but I
    couldn't get it to work properly - but didn't try too hard. (as a work
    around we blanked out the NWclient username fields and set a Citrix
    setting - adv conn settings - prompt for password)
    We are starting to look at upgrading to PS4 and hope to just login once this
    time.
    Graham
    "Kenny Anderson" <KAnderson@REMOVEbcwgroup.com> wrote in message
    news:4h%9f.855$NC.253@prv-forum2.provo.novell.com...
    > Graham Prentice wrote:
    >> A work-around is to edit the default NW client location profile to be
    >> blank - untick save profile after successful login. Each new user will
    >> have to enter their login name to the blank field upon login to Citrix.

    >
    > Thanks Graham - I hadn't thought of it. Of course, this means another
    > occasion where the user is prompted to enter their name and password,
    > which we're trying to do away with as much as possible.
    >
    > I'm hoping such a simple change to the invocation order in the GINA will
    > make it to a FTF any day ... or am I being optimistic?




  5. #5
    Anders Gustafsson NNTP User

    Re: Contextless login and Citrix

    Graham Prentice,
    > I believe Citrix has full NDS support - you may want to try the Citrix
    > forums about this.
    >

    Yes. There is a very good whitepaper available from Novell about this.

    - Anders Gustafsson, Engineer, CNE6, ASE
    NSC Volunteer Sysop
    Pedago, The Aaland Islands (N60 E20)

    Novell does not monitor these forums officially.
    Enhancement requests for all Novell products may be made at
    http://support.novell.com/enhancement

    Using VA 5.51 build 315 on Windows 2000 build 2195


  6. #6
    Kenny Anderson NNTP User

    Re: Contextless login and Citrix

    Anders Gustafsson wrote:
    > Graham Prentice,
    >
    >>I believe Citrix has full NDS support - you may want to try the Citrix
    >>forums about this.
    >>

    >
    > Yes. There is a very good whitepaper available from Novell about this.


    It depends on your definition of "full NDS support". I've no idea if PS4
    has fixed it, but PS3 would NOT session share when using NDS. It also
    meant using Zen's DLU to create a Windows account, but as we've got
    DirXML doing it's thing ...

  7. #7
    Graham Prentice NNTP User

    Re: Contextless login and Citrix

    This is from the Citrix Presentation Server 4 readme:

    LDAP NDS Context Lookup

    By default, eDirectory does not give anonymous connection access to the cn
    attribute, which is required for contextless logon. For information about
    how to reconfigure eDirectory, visit http://developer.novell.com/. [#112586]

    Citrix recommends that you do not enable contextless authentication in
    conjunction with two-factor authentication.

    The following parameters are added to WebInterface.conf:

    Parameter - NDSContextLookupServers

    Description - Specifies the LDAP servers to use. If the port is not
    specified, it is inferred from the protocol: ldap for the default LDAP port
    (389), or ldaps for the default LDAP over SSL port (636). A maximum of 512
    servers is supported. If this parameter is empty or not present, the
    contextless logon functionality is disabled.

    Values - None. ldap://[:]|ldaps://[:],...

    Site Types - MetaFrame Presentation Server, Program Neighborhood Agent
    Services



    Parameter - NDSContextLookupLoadbalancing

    Description - Specifies whether or not to load balance the configured LDAP
    servers.

    Values - On, Off

    Site Types - MetaFrame Presentation Server, Program Neighborhood Agent
    Services

    Graham

    "Kenny Anderson" <KAnderson@REMOVEbcwgroup.com> wrote in message
    news:_Mpbf.510$u%.228@prv-forum2.provo.novell.com...
    > Anders Gustafsson wrote:
    > > Graham Prentice,
    > >
    > >>I believe Citrix has full NDS support - you may want to try the Citrix
    > >>forums about this.
    > >>

    > >
    > > Yes. There is a very good whitepaper available from Novell about this.

    >
    > It depends on your definition of "full NDS support". I've no idea if PS4
    > has fixed it, but PS3 would NOT session share when using NDS. It also
    > meant using Zen's DLU to create a Windows account, but as we've got
    > DirXML doing it's thing ...




Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •