Might be possible - I had to set the pnagent to just use pass-through in order to work with passing through smart card credentials - I'll give that a whirl for kicks On Fri, Jan 9, 2009 at 10:29 AM, Steve Greenberg <steveg@xxxxxxxxxxxxxx>wrote: > Is it possible to have the Netscaler handle the authentication with the > smart card and then just treat WI the normal way, i.e. pass through the AD > credentials?? > > > > > > *Steve Greenberg* > > Thin Client Computing > > 34522 N. Scottsdale Rd D8453 > > Scottsdale, AZ 85266 > > *(602) 432-8649* > > www.thinclient.net > > *steveg@xxxxxxxxxxxxxx* > > > ------------------------------ > > *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Steve Snyder > *Sent:* Thursday, January 08, 2009 2:14 PM > > *To:* thin@xxxxxxxxxxxxx > *Subject:* [THIN] Re: netscalers and smartcards (CAC) - who's using them? > > > > Correct, although we were hoping that pass-through would work. I'm pretty > sure we tried both ways for the WI (pass-through and not-pass-through) and > both ways it (the WI) keeps prompting for credentials. > > On Fri, Jan 9, 2009 at 8:57 AM, Steve Greenberg <steveg@xxxxxxxxxxxxxx> > wrote: > > Just to be clear, you do not have the Netscaler handling authentication for > the WI? Is that correct? I.e. you login in to the SSL VPN and then you login > with your smart card to the WI?? > > > > > > *Steve Greenberg* > > Thin Client Computing > > 34522 N. Scottsdale Rd D8453 > > Scottsdale, AZ 85266 > > *(602) 432-8649* > > www.thinclient.net > > *steveg@xxxxxxxxxxxxxx* > > > ------------------------------ > > *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Steve Snyder > *Sent:* Thursday, January 08, 2009 1:43 PM > *To:* thin@xxxxxxxxxxxxx > *Subject:* [THIN] Re: netscalers and smartcards (CAC) - who's using them? > > > > I.m perusing it and trying to compare - the interface is quite different > for 8.1 > > The on diff I so see is the Configure Auth Server - they had me enter > SubjectAltName:PrincipalName in the user field and left the group field > blank > > I don't know if that's something that will vary with CACs/certs, but it's > worth a try. > > On Thu, Jan 8, 2009 at 4:03 PM, <peter_dibbens@xxxxxxxxxxx> wrote: > > Hi, > > > > Have you seen this article http://support.citrix.com/article/ctx116373. > > I can vouch that the certificates components work as expected. You must > also configure all the prerequisites for WI Pass-through. > > > > Thanks Pete > > > > *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Steve Snyder > *Sent:* Thursday, 8 January 2009 10:40 AM > > > *To:* thin@xxxxxxxxxxxxx > *Subject:* [THIN] netscalers and smartcards (CAC) - who's using them? > > > > and what did you have to do to get the WI to come up properly? > > > > We're trialing a NS 8.1 in our DMZ - the VPN tunnel connects and it starts > to load the WI site but the smartcard (CAC) authentication just doesn't fly. > Citrix is scratching their heads. > > > > >