[THIN] RE: [THIN] Re: Access Gateway 4.2

  • From: Evan Mann <emann@xxxxxxxxxxxxxxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Wed, 2 Aug 2006 17:38:19 -0400

Sounds like you are asking for the same thing I asked about a while ago.

I have my CAG going straight to WI using SSO.  (Hit CAG in browser, put
in username/password, click OK and you are dropped into WI and you see
your apps.) We don't use the VPN features of the CAG at all.
 
The only thing I ever came up with was to direct requests to an IIS
server first and use NTFS security based on group membership to
determine if the basic auth to the IIS server would allow them to then
redirect to the CAG.  A few issues can be caused by this (SSL and DNS in
particular) depending on the network location of the IIS server, CAG,
and inside/outside access needs.
 
I never looked to see if this kind of functionality is available via
AAC, but this is such a simple request/option, I couldn't understand why
it's not available.
 
Alternatively, you could just do this security on the WI server.  I
suppose it's not as secure, because users you don't want through the CAG
in the first place get through, but at least you could block them from
loading the WI page unless they were in a particular NTFS group.

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Schneider, Chad M
Sent: Wednesday, August 02, 2006 5:03 PM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: Access Gateway 4.2



Sorry to be dense on this...just got HAMMERED down our windpipe...

 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Schneider, Chad M
Sent: Wednesday, August 02, 2006 3:59 PM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: Access Gateway 4.2

 

We go to the CAG, it asks for credentials, we then go to our Web
interface URL rather than the default gateway portal....

 

Once in the WI, they click on their applications and launch a VPN
connected Citrix app.

 

I must be missing something.

 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Jeff Pitsch
Sent: Wednesday, August 02, 2006 3:43 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Access Gateway 4.2

 

Oh, so we aren't talking about the VPN connection.  If you are going
direct to WI and not authenticating to the CAG beforehand then this
would be as expected.

 

Jeff Pitsch
Microsoft MVP - Terminal Server

Forums not enough?
Get support from the experts at your business
http://jeffpitschconsulting.com



 

On 8/2/06, Schneider, Chad M <CMSchneider@xxxxxxxxx> wrote: 

I created 2 groups, in the CAG.  Each is working fine, however, ALL
users in the AD domain are able to get through it and into it as well. 

 

We have it set to go directly to our Web Interface page...

 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Jeff Pitsch
Sent: Wednesday, August 02, 2006 3:12 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Access Gateway 4.2

 

Is this simply the CAG?  You can set up groups in the CAG that would
allow you to define who has access.

 

Jeff Pitsch
Microsoft MVP - Terminal Server

Forums not enough?
Get support from the experts at your business
http://jeffpitschconsulting.com



 

On 8/2/06, Schneider, Chad M <CMSchneider@xxxxxxxxx> wrote:

I have it configured for LDAP, working great...well...sort of...

 

I want it to only allow the users/groups I grant rights to, the ability
to use this...not the ENTIRE LDAP directory...

 

Can anyone assist?

 

Chad Schneider

Technology Analyst/Citrix Admin.

Bemis Company, Inc.

920-303-7609

 

 

 
