GINA Credential Passthrough

With the SecureLogin Citrix components installed, SecureLogin provides a seamless passthrough of GINA credentials (for example, username and password) from the client to the server. The GINA credential pass-through operates anytime that the terminal server presents a GINA login panel. If the credentials that the user uses to log in to the client match the credentials of the terminal server, the credentials are automatically passed for the user.

If the stored credentials don't match, SecureLogin captures the error and presents a new login panel for the user to complete. SecureLogin detects which GINA is running on the terminal server and requests the appropriate information. For example, if SecureLogin detects that the terminal server has the Novell Client^TM installed, SecureLogin presents the following dialog box:

After the user completes the dialog box, SecureLogin saves the information as a hidden application (platform) within the SecureLogin datastore directory (and local cache if applicable). The next time the user accesses the terminal server, the credentials are retrieved from the hidden application and seamlessly passed to the terminal server.

Passthrough Authentication Fails

Scenario

Passthrough Authentication fails with Citrix Metaframe Presentation* Server displaying an error message.

Possible Cause

If SecureLogin is installed on a Citrix Metaframe Presentation Server 3.0, passthrough authentication might not be successful. This occurs if you set up the following configuration on the Citrix server:

• SecureLogin client is installed in eDirectory mode
• Novell Client version 4.9 or later is installed

When you attempt a Citrix client connection with the Citrix server, the error message Unable to find Novell Login window. Press Cancel to stop finding or Retry to continue is displayed with the window title SLAA Citrix Server for Novell.

If you click Retry, SecureLogin enters the user credentials in the Novell Login dialog box and passthrough continues normally. If you click Cancel, SecureLogin exits and the Novell Login dialog box prompts you to enter credentials (manually).

Solution

Ensure the following:

• The Novell Login dialog box has the title bar Novell Login. For details, refer to TID # 10094461.
• The Workstation captures the credentials from the initial login. For details, refer to TID # 10094565.
• SecureLogin Client runs in the same mode on both the workstation and the Citrix server.
• SecureLogin Client starts running on the workstation prior to the startup of the ICA session.
• The following registry values exist under the registry key HKLM\Software\Protocom\VirtualChannel:

  Name	Type	Data
  AutoDetect	REG_SZ	0
  protocol	REG_SZ	ICA

• GINA on the Citrix server is Novell GINA (nwgina.dll).

When SecureLogin attempts to locate Novell GINA to provide passthrough credentials, if for some reason the server is running the Citrix GINA (ctxgina.dll), it fails to find the Novell Login window. To resolve this, change the default GINA to Novell GINA (nwgina.dll) under the registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.

Name	Type	Data
GinaDLL	REG_SZ	C:\windows\system32\nwgina.dll

Changing the GINA might make certain Citrix capabilities nonfunctional.

Scenario

SecureLogin enters the password, but not the username.

Possible Cause

Slina.dll failed to find the Novell client login window. Therefore, though the password is passed through, username is not, resulting in the Windows Security message Failed to login to the Windows Workstation.

Starting with version 4.9, Novell Client displays the version on the title bar (highlighted in the image below) of the Novell Login dialog box.

Slinas.dll on the Citrix server looks for the Novell Login dialog box with the title Novell Login, whereas the Novell Client post-4.9 versions (as in the above case) also suffixes the version details to the title.

Solution

The title string is determined by a registry key. You can edit this in the Citrix server itself.

1. On the Windows task bar, click Start > Run.

2. Type regedit in the Open field.

   The Registry Editor is displayed.

   WARNING:  Any improper registry editing can damage the system functionality. Therefore, be careful when making any registry change.

3. In the left panel, click HKEY_LOCAL MACHINE > SOFTWARE > Novell > NetWareWorkstation > CurrentVersion.

4. In the right panel, click Title.

   The Edit String dialog box is displayed.

5. Change the value data to Novell Login.

   
   

6. Click OK.

7. If necessary, create the following registry values:

   Name	Type	Data
   ProductName	REG_SZ	Novell Login

IMPORTANT:  If Novell Client is removed and then reinstalled or updated, the client installation program might change the title value data. Therefore, if any change is made to Novell Client on a Citrix/Terminal server, you should validate the title value data.

Verifying Slinac.dll Registration

To verify if the slinac.dll is registered properly, do the following:

• Registry Check: Ensure that slinac.dll is copied to Sys32 on your workstation.

• Notepad Script: To ensure that the SecureLogin client is able to read the workstation login credentials and store them in the ?sys variables, create a notepad.exe script to echo the values to a new notepad document.

  For details, refer to .

• slnmas.dll: Ensure that slnmas.dll is not installed on your workstation. If it is installed, delete it and restart the workstation.

Manual Configuration

All the Citrix manual configuration (and related) files are available in the following path of the SecureLogin 3.51.2 CD:

SecureLogin_cd\SecureLogin\Tools\Citrix Manual Configuration\Citrix

Use these files to manually configure Citrix passthrough and to troubleshoot passthrough authentication.