[THIN] Re: netscalers and smartcards (CAC) - who's using them?

  • From: Steve Snyder <kwajalein@xxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Fri, 23 Jan 2009 07:48:15 +1200

I can do explicit credentials into the WI.

What we've discovered is the NS is trying to authenticate to the WI with
some account name like @@67832ghj675uys8 when it should be passing through
the primary alternate name from the card that was used to authenticate with
the NS, which is something like 1534267288@mil which is how the active users
are displayed in the NS as well. So the NS is seeing the username correctly,
but somewhere between the NS and the WI the username is getting mauled.

On Fri, Jan 9, 2009 at 10:29 AM, Steve Greenberg <steveg@xxxxxxxxxxxxxx> wrote:

>  Is it possible to have the Netscaler handle the authentication with the
> smart card and then just treat WI the normal way, i.e. pass through the AD
> credentials??
>
>
>
>
>
> *Steve Greenberg*
>
> Thin Client Computing
>
> 34522 N. Scottsdale Rd D8453
>
> Scottsdale, AZ 85266
>
> *(602) 432-8649*
>
> www.thinclient.net
>
> *steveg@xxxxxxxxxxxxxx*
>
>
>  ------------------------------
>
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Steve Snyder
> *Sent:* Thursday, January 08, 2009 2:14 PM
>
> *To:* thin@xxxxxxxxxxxxx
> *Subject:* [THIN] Re: netscalers and smartcards (CAC) - who's using them?
>
>
>
> Correct, although we were hoping that pass-through would work. I'm pretty
> sure we tried both ways for the WI (pass-through and not-pass-through) and
> both ways it (the WI) keeps prompting for credentials.
>
> On Fri, Jan 9, 2009 at 8:57 AM, Steve Greenberg <steveg@xxxxxxxxxxxxxx>
> wrote:
>
> Just to be clear, you do not have the Netscaler handling authentication for
> the WI? Is that correct? I.e. you log in to the SSL VPN and then you log in
> with your smart card to the WI??
>
>   ------------------------------
>
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Steve Snyder
> *Sent:* Thursday, January 08, 2009 1:43 PM
> *To:* thin@xxxxxxxxxxxxx
> *Subject:* [THIN] Re: netscalers and smartcards (CAC) - who's using them?
>
>
>
> I'm perusing it and trying to compare - the interface is quite different
> for 8.1
>
> The one diff I do see is the Configure Auth Server - they had me enter
> SubjectAltName:PrincipalName in the user field and left the group field
> blank
>
> I don't know if that's something that will vary with CACs/certs, but it's
> worth a try.
>
> On Thu, Jan 8, 2009 at 4:03 PM, <peter_dibbens@xxxxxxxxxxx> wrote:
>
> Hi,
>
>
>
> Have you seen this article http://support.citrix.com/article/ctx116373.
>
> I can vouch that the certificate components work as expected. You must
> also configure all the prerequisites for WI Pass-through.
>
>
>
> Thanks Pete
>
>
>
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Steve Snyder
> *Sent:* Thursday, 8 January 2009 10:40 AM
>
>
> *To:* thin@xxxxxxxxxxxxx
> *Subject:* [THIN] netscalers and smartcards (CAC) - who's using them?
>
>
>
> and what did you have to do to get the WI to come up properly?
>
>
>
> We're trialing a NS 8.1 in our DMZ - the VPN tunnel connects and it starts
> to load the WI site but the smartcard (CAC) authentication just doesn't fly.
> Citrix is scratching their heads.