[THIN] Re: netscalers and smartcards (CAC) - who's using them?
- From: "Steve Snyder" <kwajalein@xxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Fri, 9 Jan 2009 11:15:36 +1200
Might be possible - I had to set the pnagent to just use pass-through in
order to work with passing through smart card credentials - I'll give that a
whirl for kicks
On Fri, Jan 9, 2009 at 10:29 AM, Steve Greenberg <steveg@xxxxxxxxxxxxxx>wrote:
> Is it possible to have the Netscaler handle the authentication with the
> smart card and then just treat WI the normal way, i.e. pass through the AD
> credentials??
>
>
>
>
>
> *Steve Greenberg*
>
> Thin Client Computing
>
> 34522 N. Scottsdale Rd D8453
>
> Scottsdale, AZ 85266
>
> *(602) 432-8649*
>
> www.thinclient.net
>
> *steveg@xxxxxxxxxxxxxx*
>
>
> ------------------------------
>
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Steve Snyder
> *Sent:* Thursday, January 08, 2009 2:14 PM
>
> *To:* thin@xxxxxxxxxxxxx
> *Subject:* [THIN] Re: netscalers and smartcards (CAC) - who's using them?
>
>
>
> Correct, although we were hoping that pass-through would work. I'm pretty
> sure we tried both ways for the WI (pass-through and not-pass-through) and
> both ways it (the WI) keeps prompting for credentials.
>
> On Fri, Jan 9, 2009 at 8:57 AM, Steve Greenberg <steveg@xxxxxxxxxxxxxx>
> wrote:
>
> Just to be clear, you do not have the Netscaler handling authentication for
> the WI? Is that correct? I.e. you login in to the SSL VPN and then you login
> with your smart card to the WI??
>
>
>
>
>
> *Steve Greenberg*
>
> Thin Client Computing
>
> 34522 N. Scottsdale Rd D8453
>
> Scottsdale, AZ 85266
>
> *(602) 432-8649*
>
> www.thinclient.net
>
> *steveg@xxxxxxxxxxxxxx*
>
>
> ------------------------------
>
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Steve Snyder
> *Sent:* Thursday, January 08, 2009 1:43 PM
> *To:* thin@xxxxxxxxxxxxx
> *Subject:* [THIN] Re: netscalers and smartcards (CAC) - who's using them?
>
>
>
> I.m perusing it and trying to compare - the interface is quite different
> for 8.1
>
> The on diff I so see is the Configure Auth Server - they had me enter
> SubjectAltName:PrincipalName in the user field and left the group field
> blank
>
> I don't know if that's something that will vary with CACs/certs, but it's
> worth a try.
>
> On Thu, Jan 8, 2009 at 4:03 PM, <peter_dibbens@xxxxxxxxxxx> wrote:
>
> Hi,
>
>
>
> Have you seen this article http://support.citrix.com/article/ctx116373.
>
> I can vouch that the certificates components work as expected. You must
> also configure all the prerequisites for WI Pass-through.
>
>
>
> Thanks Pete
>
>
>
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Steve Snyder
> *Sent:* Thursday, 8 January 2009 10:40 AM
>
>
> *To:* thin@xxxxxxxxxxxxx
> *Subject:* [THIN] netscalers and smartcards (CAC) - who's using them?
>
>
>
> and what did you have to do to get the WI to come up properly?
>
>
>
> We're trialing a NS 8.1 in our DMZ - the VPN tunnel connects and it starts
> to load the WI site but the smartcard (CAC) authentication just doesn't fly.
> Citrix is scratching their heads.
>
>
>
>
>
Other related posts:
