[THIN] Re: RePost - WI/SG with multiple AD

• To: <thin@xxxxxxxxxxxxx>
• Date: Fri, 19 Sep 2003 09:50:26 +0200

Well, the situation:

We want to install a CSG server in the DMZ on the first firewall. This will be 
the front-end for the unsecure users. We want to install 2 different WI servers 
in the DMZ on the second firewall along with a SG Proxy server. 
The 2 WI servers will service 2 separate farms with separate AD. The secure 
networks are located on the second firewall (isolated from each other).

My problem is how to get the SG server to send the user to the correct WI 
server for that user.
If a user that need to access Farm1 starts a 
https://some.web.server/Citrix/MetaFrameXP to the SG server (which is the 
front-end) how can I make sure that user accesses the correct WI server?

---
mvh/yours
Anders Hansen-Øvre

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of 
Chris Lynch
Sent: 19. september 2003 00:56
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: RePost - WI/SG with multiple AD


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Um, are you sure about this?  Since when did the STA provide user account 
authentication?  The MF server always authenticates the user account.

You should need 2 one way trusts setup.  Otherwise, how is the MF server going 
to know what domain to authenticate the user account to?

(NOTE:  All of that should be provided by the XML service.)

Otherwise, you will need two independent WI servers, and you can use one CSG 
server if you wish.

Chris 

- -----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of 
Nick Crisp
Sent: Thursday, September 18, 2003 3:46 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: RePost - WI/SG with multiple AD

Have you added the STA from both farms to WI list?
Have you given XML access from both farms back to the WI?

The authentication credentials should be passed to the available STA's in the 
WI list until successful. So forcing should not be necessary

- -----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of 
Anders Hansen-Øvre
Sent: Thursday, 18 September 2003 5:38 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: RePost - WI/SG with multiple AD

When I try to configure the WI to access 2 different farms and add the two 
domains in under auth the WI never authenticates the user correctly. It always 
says bad username/password.

Is there a way to force the connections to a defined farm based on the select 
domain name perhaps ?

- ---
mvh/yours
Anders Hansen-Øvre, Seniorkonsulent 

- -----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of 
Nick Crisp
Sent: 18. september 2003 09:00
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: RePost - WI/SG with multiple AD


While I haven't specifically got it working in this way (so I may be a little 
off) I did have Nfuse2(WI) accessing to completely separate domains one through 
the CSG and the other through regular 1494

However the CSG can have multiple STAs and WI can authenticate on multiple 
domains so I believe it should work, The WI and CSG need not be associated with 
either domain

WI uses the XML service to talk with the MF server for authentication... so it 
requires no trust

Basically my WI server and my CSG server are in there own separate 
subnet/domain there is no trust whatsoever between them and the MetaframeFarm 
and its Domain controller/STA server

- -----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of 
Anders Hansen-Øvre
Sent: Thursday, 18 September 2003 4:45 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: RePost - WI/SG with multiple AD

But to get WI to auth with multiple domain we would need to establish trust 
between them, as far as i know. Is it possable to install multiple SG instanses 
on one server without using VMWare ?

- ---
mvh/yours
Anders Hansen-Øvre, Seniorkonsulent 

- -----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of 
Nick Crisp
Sent: 18. september 2003 03:24
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: RePost - WI/SG with multiple AD


WI can authenticate with multiple domains 

                  WI     /---SN1 MF Farm1
- --internet--<FW>--|--<FW>
                  SG     \---SN2 MF Farm2

- -----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of 
Anders Hansen-Øvre
Sent: Thursday, 18 September 2003 4:37 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] RePost - WI/SG with multiple AD

Hi all, I have a question regarding the installation of WI and SG.

Scenario:


                       |------<Secure network 1> 
--internet--<FW>------<FW>----<Secure network 2>
             |         |
             SG       WI and SG Proxy

Using this configuration we are able to give external access to one of the 
secure networks. What is the best way to give WI access to 2 different farms 
(with different AD) without using WIE with a double-hop DMZ ?

One solution is to install one SG and WI for each farm/ad your want to give 
access to but in that case we will need 2 servers per farm. Establishing trust 
between them can't be done.

Anyone have a good solution?

- ---
mvh/yours
Anders
********************************************************
This Week's Sponsor:  ThinPrint
http://www.thinprint.com
**********************************************************
Useful Thin Client Computing Links are available at: 
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the 
below link: http://thethin.net/citrixlist.cfm



********************************************************
This Week's Sponsor:  ThinPrint
http://www.thinprint.com
**********************************************************
Useful Thin Client Computing Links are available at: 
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link: 
http://thethin.net/citrixlist.cfm
********************************************************
This Week's Sponsor:  ThinPrint
http://www.thinprint.com
**********************************************************
Useful Thin Client Computing Links are available at: 
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link: 
http://thethin.net/citrixlist.cfm



********************************************************
This Week's Sponsor:  ThinPrint
http://www.thinprint.com
**********************************************************
Useful Thin Client Computing Links are available at: 
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link: 
http://thethin.net/citrixlist.cfm
********************************************************
This Week's Sponsor:  ThinPrint
http://www.thinprint.com
**********************************************************
Useful Thin Client Computing Links are available at: 
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link: 
http://thethin.net/citrixlist.cfm



********************************************************
This Week's Sponsor:  ThinPrint
http://www.thinprint.com
**********************************************************
Useful Thin Client Computing Links are available at: 
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link: 
http://thethin.net/citrixlist.cfm -----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
Comment: Public PGP key for Chris Lynch

iQA/AwUBP2o3/29fg+xq5T3MEQKukACgtWwG/IbN1zejaHuznhvleChD0bEAoMHQ
5ZLXUqDdxu3TVyKSShHqMm7S
=kk4V
-----END PGP SIGNATURE-----

********************************************************
This Week's Sponsor:  ThinPrint
http://www.thinprint.com
**********************************************************
Useful Thin Client Computing Links are available at: 
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link: 
http://thethin.net/citrixlist.cfm
********************************************************
This Week's Sponsor:  ThinPrint
http://www.thinprint.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm

• Follow-Ups:
  • [THIN] Re: RePost - WI/SG with multiple AD
    • From: Chris Lynch

Other related posts:

• » [THIN] RePost - WI/SG with multiple AD
• » [THIN] Re: RePost - WI/SG with multiple AD
• » [THIN] Re: RePost - WI/SG with multiple AD
• » [THIN] Re: RePost - WI/SG with multiple AD
• » [THIN] Re: RePost - WI/SG with multiple AD
• » [THIN] Re: RePost - WI/SG with multiple AD
• » [THIN] Re: RePost - WI/SG with multiple AD
• » [THIN] Re: RePost - WI/SG with multiple AD
• » [THIN] Re: RePost - WI/SG with multiple AD
• » [THIN] Re: RePost - WI/SG with multiple AD
• » [THIN] Re: RePost - WI/SG with multiple AD

1. Home
2. thin
3. Archive
4. 09-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---