This is a absolute cracker of a problem i have encountered and i applaud
anyone who can help.

Scenario :Using citrix to authenticate to bm3.8 in a library - main issue
first person authenticated using client trust was the only user getting
logged!.

My solution : to enable tsrv authentication against these citrix servers
and have the citrix application (ie) allow annonymous connections
therefore always prompt for access, which worked great!!!.

My next issue!, they need to print!!, using NDPS (obviously not
authenticated freezes their machine!). They also need to download
materials into their homedir's.

My solution (which i dont know how to implement), get bordermanager to
ignore any requests from the citrix ip addresses that come via clienttrust
and use tsrv based authentication. Client trust runs at user login and i
cannot remove this. Also i need to have them login so they can passthough
their printing rights to ndps and have their names appear on the PCounter
release station..

So to recap, i believe i simply need a way to have BM3.8sp1 ignore
clntrust from Citrix servers. I have attached a copy of my proxy.cfg for
anyone who can advise. PS if anyone does reply to this cracker, i take my
hat off to you!.

********START OF PROXY.CFG*************

[Log Format]
Delimiter-Character=space

[MiniWeb Server]
Port-Number=1959
Root-Directory=SYS:\ETC\PROXY\DATA

[MiniWeb Server: Mime Types]
Content-Type: text/html=htm,html
Content-Type: text/plain=txt,text,cla,class
Content-Type: image/gif=gif
Content-Type: image/jpeg=jpg,jpeg,jpe,jfif,pjpeg,pjp
Content-Type: image/tiff=tiff,tif
Content-Type: image/x-xbitmap=xbm
Content-Type: video/x-msvideo=avi
Content-Type: video/quicktime=qt,mov,moov
Content-Type: video/x-mpeg2=mpv2,mp2v
Content-Type: video/mpeg=mpeg,mpg,mpe,mpv,vbs,mpegv
Content-Type: audio/x-pn-realaudio=ra,ram
Content-Type: audio/x-mpeg=mpega,mp2,mpa,abs
Content-Type: audio/x-wav=wav
Content-Type: audio/x-aiff=aif,aiff,aifc
Content-Type: application/x-ns-proxy-autoconfig=pac

[Extra Configuration]
EnableTerminalServerAuthentication=1
RedirectHTTPSRequest=1


[Authentication Ranges]
PrivateRange1=172.19.2.1-172.19.2.5



**********END***************

Cheers
Julian