The reason is because we don't want to store credentials in AD. We have done windows authentication with external MIT KDC, and therefore would like to do the same with citrix. In that way, there will be no duplication of credentials. How can I know whether citrix uses DNS properly or not ? -lara- Chris Lynch <lynch00@xxxxxxx> wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm not aware of any way to accomplish this. Unless you have a SAMBA server in place. But, with the latest version of SAMBA, you can only use NTLM authentication, not Kerberos. And what is your reason for not wanting to use AD? (not that I really want to open a can of worms, but just asking) Chris ________________________________ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Lara Adianto Sent: Monday, August 23, 2004 11:52 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] citrix pass-through authentication with MIT Realm ? Hello, Has anyone ever tried citrix client pass through authentication to external MIT KDC instead of to the windows domain where the citrix server actually belongs to ? Let's say that a user uses his/her external MIT realm credential to login to a windows xp machine, which is a citrix metaframe xp presentation server 3.0 client. We would like to make use of pass-through authentication feature when the user wants to access the shared applications so that the user doesn't need to reenter his/her credential in windows AD (we don't want to make use or even store user credentials in AD anyway). In my opinion, it should be possible to authenticate with external MIT realm as long as the server is able to resolve the address of external MIT realm. Through ethereal, i can see that the server is trying to resolve the MIT.REALM.COM (that's the external MIT Realm) using NBNS. I tried to tell the citrix server to use DNS instead, by 'enabling XML service DNS address resolution' in the metaframe xp settings of the farm but it still sends queries using NBNS Is it actually possible to get pass-through authentication to work using external MIT realm tickets ? Thanks, lara - ---------------------------------------------------------------------- - -------------- La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit - Guy de Maupassant - - ---------------------------------------------------------------------- - -------------- ________________________________ Do you Yahoo!? New and Improved Yahoo! Mail com/new_mail/static/efficiency.html> - 100MB free storage! -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 Comment: Public PGP Key for Chris Lynch iQA/AwUBQStTlG9fg+xq5T3MEQLHZwCfSH4vHSGlAlFqWrcUYIS42Ov8yl0An0yc VBnCSiBTOkeqHW6UajXcO62u =LWs9 -----END PGP SIGNATURE----- ******************************************************** This Weeks Sponsor RTO Software Do you know which applications are abusing your CPU and memory? Would you like to learn? -- Free for a limited time! Get the RTO Performance Analyzer to quickly learn the applications, users, and time of day possible problems exist. http://www.rtosoft.com/enter.asp?id=320 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ------------------------------------------------------------------------------------ La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit - Guy de Maupassant - ------------------------------------------------------------------------------------ --------------------------------- Do you Yahoo!? Win 1 of 4,000 free domain names from Yahoo! Enter now.