Citrix Pass Through Using Smart Card in Active Directory Environment

Author Info

30 April 2009 - 4:03pm
Submitted by: dpkiranprabhu


Environment
Configuration:

Citrix Server:

  1. Citrix PS3 W2K3 server.
  2. PKI ActivClient 5.4 (Master_CD_version.zip) plus HF FIX0602012
  3. NSL 6.0 client installed in eDir/LDAP mode and selected when Windows starts for LDAP auth.
  4. Smart card support is selected.
  5. A user account "user3" has been created in AD with the same eDirectory user name and password.
  6. The "Allow log on locally" and "Allow log on through Terminal Services" rights were added for "user3".

Client

  1. XP Professional SP1 with Citrix ICA client 8.0
  2. PKI ActivClient 5.4 (Master_CD_version.zip) plus HF FIX0602012
  3. NSL 6.0 installed in eDir/LDAP mode and selected when Windows starts for LDAP auth.
  4. Smart card support is selected.
  5. ActivCard V2 reader attached.

Changes:

  1. The workstation was put into the Active Directory domain.
  2. Registry settings on the Citrix server were changed:
    ginadll contains the value c:\windows\system32\ctxgina.dll
    ctxgina contains the value c:\windows\system32\nwgina.dll
  3. The registry key "UseCNasWindowsUserInCitrix" was created at HKLM\Software\Novell\Login\Ldap.

Sequence flow:

Citrix Server:

  1. Log in to the NSL GINA as the user "admin", who is configured without smart card support.
  2. NSL should be loaded.

Workstation:

  1. Log in to NSL as the user "user3", who is configured to store the credentials on the smart card.
  2. Select the NT domain (Citrix server) in the LDAP GINA.
  3. After a successful login, enter the PIN.
  4. Access the Citrix published application. The application launches successfully.

Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.



