[THIN] Re: CAG Default User Group
- From: "Steve Greenberg" <steveg@xxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Wed, 23 Jan 2008 10:17:32 -0700
Yes, my statement was too general. It depends on the exact structure of your
AD in terms of OUs and Groups- CAG is somewhat limited in what how it can
traverse and understand AD objects. If you want more specific control you
can add a RADIUS authentication server and get a lot more granular....
Steve Greenberg
Thin Client Computing
34522 N. Scottsdale Rd D8453
Scottsdale, AZ 85266
(602) 432-8649
www.thinclient.net
steveg@xxxxxxxxxxxxxx
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Chad Schneider (IT)
Sent: Wednesday, January 23, 2008 5:47 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CAG Default User Group
That does not appear to be correct. So long as an AD user (even if they are
not in a corresponding CAG group) signs onto the CAG, they can sign on
successfully. What can they get to, appears to be not much, but what I have
done is pass them to a WI page, and since they are not in a group granting
rights to applications via that WI site, they get an empty WI page, and I
have also limited them to TCP 1494.
Chad Schneider
Systems Engineer
ThedaCare IT
920-735-7615
>>> "Steve Greenberg" <steveg@xxxxxxxxxxxxxx> 01/22/08 3:11 PM >>>
Exactly, AD authentication is looking to match a local CAG group with the AD
group. If you assign no resource to the default group, there is nothing to
access and no users in the group who can log in...
Steve Greenberg
Thin Client Computing
34522 N. Scottsdale Rd D8453
Scottsdale, AZ 85266
(602) 432-8649
www.thinclient.net
steveg@xxxxxxxxxxxxxx
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Chad Schneider (IT)
Sent: Tuesday, January 22, 2008 1:42 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CAG Default User Group
AD
This is making more sense, as long as they are in AD, they have rights to
sign on, as they are "default" users. I set this to a WI site, that has no
available applications, so they sign on, they basically get nothing.
>>> On 1/22/2008 at 2:31 PM, <steveg@xxxxxxxxxxxxxx> wrote:
Are you using AD and/or Radius to authenticate the users that you want to
have access?
Steve Greenberg
Thin Client Computing
34522 N. Scottsdale Rd D8453
Scottsdale, AZ 85266
(602) 432-8649
www.thinclient.net
steveg@xxxxxxxxxxxxxx
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Chad Schneider (IT)
Sent: Tuesday, January 22, 2008 11:54 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] CAG Default User Group
I want to only allow users in my created groups, access to my Citrix Access
Gateway. unfortunately, the default group is quite open. It can not be
deleted.
Suggestions as to how to lock out users from the Access Gateway, if they are
not in a specified group?
Chad Schneider
Systems Engineer
ThedaCare IT
920-735-7615
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin
************************************************
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin
************************************************
Other related posts:
