[THIN] Re: Single sign-on on novell

One 'cheat' that I've done in the past is create a ".citrix.context.company" 
context, and place NDS aliases for citrix users there.  So, create an alias for 
.user1.department1.company as .user1.citrix.context.company, and an alias for 
user2.department2.company as .user2.citrix.context.company.  Hard code the 
novell client on the citrix servers to .citrix.context.company.  Then when webI 
or PNA or whatever passes user/password to the gina, it logs in as ADS\user and 
.userx.citrix.context.company.  By virtue of the NDS alias, users will process 
the correct login script, and get the correct OU-based rights.  (caveat - the 
correct login script execution is NW5 & up.  NW4 runs the login script of the 
alias.)

Admittedly, the overhead to maintain a NDS alias for each user could be huge, 
depending on the number of users, but it's a one-time thing.  When you create a 
user, create an alias.  Everything else (rights, login script)will apply to the 
user itself as normal, and leave the alias alone.  It's all a tradeoff.  Either 
make users log in twice, or hire an extra admin to make aliases.  

Good luck!

Bruce Heavner
RapidApp
Sr. Network Engineer
bheavner@xxxxxxxxxxxx

-----Original Message-----
From: Marc-Andre Lapierre [mailto:malapierre@xxxxxxxxxxxxxxxx] 
Sent: Thursday, September 30, 2004 1:57 PM
To: Thin (E-mail)
Subject: [THIN] Single sign-on on novell

Hi everyone,

I need to get the pnagent/webinterface to do a single sign-on on novell. The 
problem is that the citrix users are created in ADS, but all the files/print 
services resides on novell, both environment has a same user/password that sync 
with dirxml. That means, i need to get the users authenticate to both microsoft 
and novell... in a regular login, that works perfect with the standard login 
with ldap or dscat contextless login. But with the webinterface or pnagent, the 
citrix gina is not able to create the event mouseclick or tabreturn in the 
nwgina.dll so that the novell client can « find » the right context for the 
user.

Is there a way to « emulate » that kind of event, hack a reg key or something 
like that? I know i could use the web interface NDS context  search but i can't 
do that since my users are located in ADS. I can't get rid of novell, and all 
the citrix users have to be in ADS and everything has to be single sign-on to 
meet all the requirement of the project.

Any help would be appreciated

Thanks a lot everybody

__________________________________________________________


Marc-André Lapierre

Consultant Systems & Infrastructures
514 977-6170
Email : malapierre@xxxxxxxxxxxxxxxx

********************************************************
This Weeks Sponsor RTO Software
Do you know which applications are abusing your CPU and memory?
Would you like to learn? --   Free for a limited time!
Get the RTO Performance Analyzer to quickly learn the applications, users,
and time of day possible problems exist.
http://www.rtosoft.com/enter.asp?id20
********************************************************** 
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor RTO Software
Do you know which applications are abusing your CPU and memory?
Would you like to learn? --   Free for a limited time!
Get the RTO Performance Analyzer to quickly learn the applications, users,
and time of day possible problems exist.
http://www.rtosoft.com/enter.asp?id20
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

Other related posts: