[THIN] Re: [THIN]

• From: "Mike Semon" <msemon@xxxxxxx>
• To: <thin@xxxxxxxxxxxxx>
• Date: Fri, 16 Sep 2005 17:17:09 -0500

Here are links to the Citrix articles on Pass-through authentication and the
Smart Card issue.  Apparently there is a hotfix for Windows 2003 SP1 with
this issue which needs to be applied to Citrix server.


http://support.citrix.com/kb/entry!default.jspa?categoryID=135&externalID=CT
X076838&fromSearchPage=true

http://support.citrix.com/kb/entry!default.jspa?categoryID=275&externalID=CT
X106053&fromSearchPage=true



-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On Behalf
Of Selinger, Stephen
Sent: Friday, September 16, 2005 5:01 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: [THIN]


  Hi,



  Do you mean the XML server in the Windows 2003 or the DC in that domain?
What articile is CTX 076838 ?? I can't seem to find that article on Citrix's
support site.  Thanks again.




----------------------------------------------------------------------------
--

  From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Mike Semon
  Sent: Friday, September 16, 2005 3:53 PM
  To: thin@xxxxxxxxxxxxx
  Subject: [THIN] Re: [THIN]



  Does your Windows 2003 server have SP1? There is a know issue with
pass-through authentication. I am not sure if it is for Smart Cards only.
Might also look at CTX 076838.

    -----Original Message-----
    From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On
Behalf Of Selinger, Stephen
    Sent: Friday, September 16, 2005 4:24 PM
    To: thin@xxxxxxxxxxxxx
    Subject: [THIN] Re: [THIN]

    Hi,



    Yes, pass through works great for my domain.  But it does not work for
the Windows 2003 domain in which I have a one way trust to.



    Thanks




----------------------------------------------------------------------------

    From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Mike Semon
    Sent: Friday, September 16, 2005 3:02 PM
    To: thin@xxxxxxxxxxxxx
    Subject: [THIN] Re: [THIN]



    Yes, that is an earlier version of WI. So is Pass-through working for
your Windows 2000 domain. If so that would eliminate the ICA client being
the problem.

      -----Original Message-----
      From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On
Behalf Of Selinger, Stephen
      Sent: Friday, September 16, 2005 3:39 PM
      To: thin@xxxxxxxxxxxxx
      Subject: [THIN] Re: [THIN]

      Hi,



      Is that a WI 3.0 file location? I can not find an Nfuse Icon on my 4.0
WI site.  Also if I set my WI site to only using connect to the XML server
in the Windows 2003 domain I do not receive any applications when using
Pass-Through.  I am informed by WI  that there are no applications
configured for my user account. When I log on to the WI site explicitly I do
get the applications and am able to sign on to those applications using
credentials from my Windows 2000 domain.



      Thanks




--------------------------------------------------------------------------

      From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Mike Semon
      Sent: Friday, September 16, 2005 2:21 PM
      To: thin@xxxxxxxxxxxxx
      Subject: [THIN] Re: [THIN]



      Might check permissions



      WebDir\Citrix\MetaFrameXP\NFuseIcons

      This is the folder used to store application icon image files. The web
server receives the icon data from the MetaFrame XML service, writes GIF
images to disk, and then serves the images over HTTP to the user. If Web
Interface is configured for only explicit authentication, the
IWAM_MachineName account is responsible for writing the files to disk and
the IUSR_MachineName account reads the files during delivery. If Web
Interface is configured for Desktop Credentials Pass-Through or Smart Card
authentication, IIS impersonates the user account for reading and writing
the icons.

      Authenticated Users: Full Control
      SYSTEM: Full Control
      Guest: No access

      Mike



        -----Original Message-----
        From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On
Behalf Of Selinger, Stephen
        Sent: Friday, September 16, 2005 3:09 PM
        To: thin@xxxxxxxxxxxxx
        Subject: [THIN]

        Good Day,

        I am trying to pass through my user's windows credentials to the WI
4.0 site. I have a Windows 2000 (Domain A) mixed mode domain with a one way
trust to a Windows 2003 (Domain B)native mode domain. Users are presented
with all applications from the Windows 2000 domain (A) when they log on with
pass through authentication but they receive no applications from the
Windows 2003 domain (B). If they log on with a explicit logon they receive
applications from both farms and life is good. My WI site is set to the xml
server in both domains. Thanks in advance and please let me know if I am not
being clear. I have posted this message on the Citrix forms but had no reply
thus is why I am posting here. (probably should have started here first
anyways!)

• References:
  • [THIN] Re: [THIN]
    • From: Selinger, Stephen

Other related posts:

• » [THIN] [THIN]
• » [THIN] Re: [THIN]
• » [THIN] Re: [THIN]
• » [THIN] Re: [THIN]
• » [THIN] Re: [THIN]
• » [THIN] Re: [THIN]
• » [THIN] Re: [THIN]
• » [THIN] Re: [THIN]
• » [THIN] Re: [THIN]
• » [THIN] [THIN]
• » [THIN] Re: [THIN]
• » [THIN] Re: [THIN]
• » [THIN] THIN
• » [THIN] Re: THIN
• » [THIN] Re: THIN
• » [THIN] Re: THIN
• » [THIN] Re: THIN
• » [THIN] Re: THIN
• » [THIN] Re: [THIN]
• » [THIN] Re: [THIN]
• » [THIN] Re: [THIN]
• » [THIN] Re: [THIN]
• » [THIN] Re: [THIN]
• » [THIN] Re: [THIN]
• » [THIN] Re: [THIN]
• » [THIN] Re: [THIN]
• » [THIN] Re: [THIN]
• » [THIN] [THIN]
• » [THIN] Re: [THIN]
• » [THIN] Re: [THIN]
• » [THIN] Re: [THIN]
• » [THIN] Re: [THIN]
• » [THIN] Re: [THIN]
• » [THIN] Re: [THIN]

1. Home
2. thin
3. Archive
4. 09-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---