[THIN] Restrict access to WI
- From: "Evan Mann" <emann@xxxxxxxxxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Mon, 10 Oct 2005 11:18:03 -0400
I have users accessing WI through an Access Gateway. I have users on
the domain who it this using a domain name that is set in AD to resolve
to an internal IP, and they are coming across VPN's.
When people leave my network, they are resolving to an external IP and
hitting the same access gateway.
The Access Gateway's are setup to require authentication, and then pass
that through to WI for SSO.
I'm trying to come up with a way that I can restrict users abilities to
access the Citrix environment when off network, so I can prevent users
from working from home. I can't prevent access from certain IP's,
because home IP's are dynamic, and some people will be given access to
work from home.
Possibly some type of setup where they hit a website infront of the
access gateway and it does a check based on the domain name used to
access the site, references an AD security group, and forward the reqest
to the Access Gateway as necessary? The issue this causes is the
Access Gateway can only have 1 SSL certificate, so people working frm
home would have an SSL popup with a mismtached domain name and need to
say YES, but I would be OK with that.
Would this work? Is there some better way to do it?
Other related posts:
