[THIN] Re: Single sign-on on novell
- From: "Bruce Heavner" <bheavner@xxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Thu, 30 Sep 2004 14:22:19 -0500
One 'cheat' that I've done in the past is create a ".citrix.context.company"
context, and place NDS aliases for citrix users there. So, create an alias for
.user1.department1.company as .user1.citrix.context.company, and an alias for
user2.department2.company as .user2.citrix.context.company. Hard code the
novell client on the citrix servers to .citrix.context.company. Then when webI
or PNA or whatever passes user/password to the gina, it logs in as ADS\user and
.userx.citrix.context.company. By virtue of the NDS alias, users will process
the correct login script, and get the correct OU-based rights. (caveat - the
correct login script execution is NW5 & up. NW4 runs the login script of the
alias.)
Admittedly, the overhead to maintain a NDS alias for each user could be huge,
depending on the number of users, but it's a one-time thing. When you create a
user, create an alias. Everything else (rights, login script)will apply to the
user itself as normal, and leave the alias alone. It's all a tradeoff. Either
make users log in twice, or hire an extra admin to make aliases.
Good luck!
Bruce Heavner
RapidApp
Sr. Network Engineer
bheavner@xxxxxxxxxxxx
-----Original Message-----
From: Marc-Andre Lapierre [mailto:malapierre@xxxxxxxxxxxxxxxx]
Sent: Thursday, September 30, 2004 1:57 PM
To: Thin (E-mail)
Subject: [THIN] Single sign-on on novell
Hi everyone,
I need to get the pnagent/webinterface to do a single sign-on on novell. The
problem is that the citrix users are created in ADS, but all the files/print
services resides on novell, both environment has a same user/password that sync
with dirxml. That means, i need to get the users authenticate to both microsoft
and novell... in a regular login, that works perfect with the standard login
with ldap or dscat contextless login. But with the webinterface or pnagent, the
citrix gina is not able to create the event mouseclick or tabreturn in the
nwgina.dll so that the novell client can « find » the right context for the
user.
Is there a way to « emulate » that kind of event, hack a reg key or something
like that? I know i could use the web interface NDS context search but i can't
do that since my users are located in ADS. I can't get rid of novell, and all
the citrix users have to be in ADS and everything has to be single sign-on to
meet all the requirement of the project.
Any help would be appreciated
Thanks a lot everybody
__________________________________________________________
Marc-André Lapierre
Consultant Systems & Infrastructures
514 977-6170
Email : malapierre@xxxxxxxxxxxxxxxx
********************************************************
This Weeks Sponsor RTO Software
Do you know which applications are abusing your CPU and memory?
Would you like to learn? -- Free for a limited time!
Get the RTO Performance Analyzer to quickly learn the applications, users,
and time of day possible problems exist.
http://www.rtosoft.com/enter.asp?id20
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor RTO Software
Do you know which applications are abusing your CPU and memory?
Would you like to learn? -- Free for a limited time!
Get the RTO Performance Analyzer to quickly learn the applications, users,
and time of day possible problems exist.
http://www.rtosoft.com/enter.asp?id20
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
Other related posts:
