Anonymous_User Absent Member.
Absent Member.
4049 views

Contextless login and Citrix

v4.91 client on Windows 2003 & Presentation Server 4.0. It seems the
LDAP contextless login feature of the client only works "interactively"
- i.e. the TAB key is pressed or mouse is used to move from username to
password field. This means contextless login when passing authentication
details from CTXGina.dll to NWGina.dll doesn't work - there's no LDAP
lookup until the user changes something.

Are there any plans to modify lgncxw32.dll so that an LDAP search is
done if credentials are already passed through from another GINA?

Labels (1)
0 Likes
6 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Contextless login and Citrix

A work-around is to edit the default NW client location profile to be
blank - untick save profile after successful login. Each new user will
have to enter their login name to the blank field upon login to Citrix.
Graham
"Kenny Anderson" <KAnderson@REMOVEbcwgroup.com> wrote in message
news:6Lm9f.2262$OC3.2037@prv-forum2.provo.novell.com...
> v4.91 client on Windows 2003 & Presentation Server 4.0. It seems the
> LDAP contextless login feature of the client only works "interactively"
> - i.e. the TAB key is pressed or mouse is used to move from username to
> password field. This means contextless login when passing authentication
> details from CTXGina.dll to NWGina.dll doesn't work - there's no LDAP
> lookup until the user changes something.
>
> Are there any plans to modify lgncxw32.dll so that an LDAP search is
> done if credentials are already passed through from another GINA?
>



0 Likes
Highlighted
Anonymous_User Absent Member.
Absent Member.

Re: Contextless login and Citrix

Graham Prentice wrote:
> A work-around is to edit the default NW client location profile to be
> blank - untick save profile after successful login. Each new user will
> have to enter their login name to the blank field upon login to Citrix.


Thanks Graham - I hadn't thought of it. Of course, this means another
occasion where the user is prompted to enter their name and password,
which we're trying to do away with as much as possible.

I'm hoping such a simple change to the invocation order in the GINA will
make it to a FTF any day ... or am I being optimistic?
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Contextless login and Citrix

I believe Citrix has full NDS support - you may want to try the Citrix
forums about this.
We use Metaframe XP with nfuse - we also use username & password twice - it
is a little inconvienent but works nicely. (I think the remote home users
see it as more secure)
When we orig set it up - there was NW contextless support back then but I
couldn't get it to work properly - but didn't try too hard. (as a work
around we blanked out the NWclient username fields and set a Citrix
setting - adv conn settings - prompt for password)
We are starting to look at upgrading to PS4 and hope to just login once this
time.
Graham
"Kenny Anderson" <KAnderson@REMOVEbcwgroup.com> wrote in message
news:4h%9f.855$NC.253@prv-forum2.provo.novell.com...
> Graham Prentice wrote:
>> A work-around is to edit the default NW client location profile to be
>> blank - untick save profile after successful login. Each new user will
>> have to enter their login name to the blank field upon login to Citrix.

>
> Thanks Graham - I hadn't thought of it. Of course, this means another
> occasion where the user is prompted to enter their name and password,
> which we're trying to do away with as much as possible.
>
> I'm hoping such a simple change to the invocation order in the GINA will
> make it to a FTF any day ... or am I being optimistic?



0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Contextless login and Citrix

Graham Prentice,
> I believe Citrix has full NDS support - you may want to try the Citrix
> forums about this.
>

Yes. There is a very good whitepaper available from Novell about this.

- Anders Gustafsson, Engineer, CNE6, ASE
NSC Volunteer Sysop
Pedago, The Aaland Islands (N60 E20)

Novell does not monitor these forums officially.
Enhancement requests for all Novell products may be made at
http://support.novell.com/enhancement

Using VA 5.51 build 315 on Windows 2000 build 2195

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Contextless login and Citrix

Anders Gustafsson wrote:
> Graham Prentice,
>
>>I believe Citrix has full NDS support - you may want to try the Citrix
>>forums about this.
>>

>
> Yes. There is a very good whitepaper available from Novell about this.


It depends on your definition of "full NDS support". I've no idea if PS4
has fixed it, but PS3 would NOT session share when using NDS. It also
meant using Zen's DLU to create a Windows account, but as we've got
DirXML doing it's thing ...
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Contextless login and Citrix

This is from the Citrix Presentation Server 4 readme:

LDAP NDS Context Lookup

By default, eDirectory does not give anonymous connection access to the cn
attribute, which is required for contextless logon. For information about
how to reconfigure eDirectory, visit http://developer.novell.com/. [#112586]

Citrix recommends that you do not enable contextless authentication in
conjunction with two-factor authentication.

The following parameters are added to WebInterface.conf:

Parameter - NDSContextLookupServers

Description - Specifies the LDAP servers to use. If the port is not
specified, it is inferred from the protocol: ldap for the default LDAP port
(389), or ldaps for the default LDAP over SSL port (636). A maximum of 512
servers is supported. If this parameter is empty or not present, the
contextless logon functionality is disabled.

Values - None. ldap://[:]|ldaps://[:],...

Site Types - MetaFrame Presentation Server, Program Neighborhood Agent
Services



Parameter - NDSContextLookupLoadbalancing

Description - Specifies whether or not to load balance the configured LDAP
servers.

Values - On, Off

Site Types - MetaFrame Presentation Server, Program Neighborhood Agent
Services

Graham

"Kenny Anderson" <KAnderson@REMOVEbcwgroup.com> wrote in message
news:_Mpbf.510$u%.228@prv-forum2.provo.novell.com...
> Anders Gustafsson wrote:
> > Graham Prentice,
> >
> >>I believe Citrix has full NDS support - you may want to try the Citrix
> >>forums about this.
> >>

> >
> > Yes. There is a very good whitepaper available from Novell about this.

>
> It depends on your definition of "full NDS support". I've no idea if PS4
> has fixed it, but PS3 would NOT session share when using NDS. It also
> meant using Zen's DLU to create a Windows account, but as we've got
> DirXML doing it's thing ...



0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.