[THIN] Re: Smartcard authentication
- From: "Greg Reese" <gareese@xxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Wed, 25 Apr 2007 12:13:44 -0500
There are some additional lines to add to the WFClient section of the ica
files that will help this. Basically, get a custom ica connection working
in program neightborhood, then copy the wfclient section out of the
appsrv.ini and into the wfclient section of the ica file. I think UIFlags=8
was the one we determined was the magic pill for pass through and smart
cards. I will double check. There is also the SSOnUserSetting=On and
Enable SSOnThruICAFile=On that need to be in the appsrv.ini.
As to the rest, if you want them to log on locally to the thin client with a
smart card, make sure you have the reader drivers, middleware, ocsp software
(if any) all installed and working.
I have the T5720 with embedded xp and I am able to log into it with a smart
card. after that it's a little quirky still. I have not been overly
impresses. I use a script on mine that replacers the shell with a
connection to a published desktop. Same effect in the end but it removes
the hassle of XPe and all it's preinstalled crap that I don't want the users
to see.
Greg
On 4/25/07, Pete Kuhn <pkuhn@xxxxxxx> wrote:
Greetings,
I am trying to setup smartcard authentication for a shared thin client
device using password managers hotdesktop. I am trying to get this to work
on an HP t5720.
I am running into 2 problems. Has anyone experienced these problems and
found solutions.
Problem 1:
The smartcard authentication will not work on the HP t5720 XPe OS. I have
the machine joined to our domain. The OS prompts for either "insert
smartcard or ctrl-alt-del". After inserting the smartcard and supplying the
correct PIN the following message is displayed after roughly 60 seconds..
"The system could not log you on. Your credentials could not be verified"
I can authenticate using the users credentials but not the smartcard.
FYI - The same card can be successfully used on a machine that has a full
OS of XP.
Problem 2:
This is on a full OS of XP. SP2
I have installed the citrix hotdesktop client. In order for a citrix app
to launch using the HDU the client needs to be installed with the option
"not to use the local credentials". With doing this I loose the passthrough
authentication capabilities. If I install the client with the option "use
local user and credentials", when I launch a citrix app it uses the HDSU
instead of the HDU account.
FYI - We do not use the program neighborhood client as a standard. We
create ica files and publish them through our intranet home page. Yes, I
have put the proper statements in the ica file to allow for passthrough
authentication.
I want to have the best of both worlds - SSO and hotdesktop.
Can anyone tell me if they have successfully deployed this and what
solution would be for the problems I am having. I am using athena
smartcards.
Thanks in advance
Pete Kuhn
Technical Staff Specialist MCNE, MCSE
Technical Deployment Team
University of Maryland Medical System
22 S. Greene St.
Mail Stop PP-33
Baltimore, MD 21201-1590
410-328-0381
"I believe that every human has a finite number of heartbeats. I
don't intend to waste any of mine running around doing
exercises." -- Buzz Aldrin
- References:
- [THIN] Smartcard authentication
- From: Pete Kuhn
Other related posts:
- » [THIN] Smartcard authentication
- » [THIN] Re: Smartcard authentication
Greetings, I am trying to setup smartcard authentication for a shared thin client device using password managers hotdesktop. I am trying to get this to work on an HP t5720. I am running into 2 problems. Has anyone experienced these problems and found solutions. Problem 1: The smartcard authentication will not work on the HP t5720 XPe OS. I have the machine joined to our domain. The OS prompts for either "insert smartcard or ctrl-alt-del". After inserting the smartcard and supplying the correct PIN the following message is displayed after roughly 60 seconds.. "The system could not log you on. Your credentials could not be verified" I can authenticate using the users credentials but not the smartcard. FYI - The same card can be successfully used on a machine that has a full OS of XP. Problem 2: This is on a full OS of XP. SP2 I have installed the citrix hotdesktop client. In order for a citrix app to launch using the HDU the client needs to be installed with the option "not to use the local credentials". With doing this I loose the passthrough authentication capabilities. If I install the client with the option "use local user and credentials", when I launch a citrix app it uses the HDSU instead of the HDU account. FYI - We do not use the program neighborhood client as a standard. We create ica files and publish them through our intranet home page. Yes, I have put the proper statements in the ica file to allow for passthrough authentication. I want to have the best of both worlds - SSO and hotdesktop. Can anyone tell me if they have successfully deployed this and what solution would be for the problems I am having. I am using athena smartcards. Thanks in advance Pete Kuhn Technical Staff Specialist MCNE, MCSE Technical Deployment Team University of Maryland Medical System 22 S. Greene St. Mail Stop PP-33 Baltimore, MD 21201-1590 410-328-0381 "I believe that every human has a finite number of heartbeats. I don't intend to waste any of mine running around doing exercises." -- Buzz Aldrin
- [THIN] Smartcard authentication
- From: Pete Kuhn