Thursday, January 8, 2009

[THIN] Re: netscalers and smartcards (CAC) - who's using them?

Is it possible to have the Netscaler handle the authentication with the smart card and then just treat WI the normal way, i.e. pass through the AD credentials??

 

 

Steve Greenberg

Thin Client Computing

34522 N. Scottsdale Rd D8453

Scottsdale, AZ 85266

(602) 432-8649

www.thinclient.net

steveg@thinclient.net

 


From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Steve Snyder
Sent: Thursday, January 08, 2009 2:14 PM
To: thin@freelists.org
Subject: [THIN] Re: netscalers and smartcards (CAC) - who's using them?

 

Correct, although we were hoping that pass-through would work. I'm pretty sure we tried both ways for the WI (pass-through and not-pass-through) and both ways it (the WI) keeps prompting for credentials.

On Fri, Jan 9, 2009 at 8:57 AM, Steve Greenberg <steveg@thinclient.net> wrote:

Just to be clear, you do not have the Netscaler handling authentication for the WI? Is that correct? I.e. you login in to the SSL VPN and then you login with your smart card to the WI??

 

 

Steve Greenberg

Thin Client Computing

34522 N. Scottsdale Rd D8453

Scottsdale, AZ 85266

(602) 432-8649

www.thinclient.net

steveg@thinclient.net

 


From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Steve Snyder
Sent: Thursday, January 08, 2009 1:43 PM
To: thin@freelists.org
Subject: [THIN] Re: netscalers and smartcards (CAC) - who's using them?

 

I.m perusing it and trying to compare - the interface is quite different for 8.1

The on diff I so see is the Configure Auth Server - they had me enter SubjectAltName:PrincipalName in the user field and left the group field blank

I don't know if that's something that will vary with CACs/certs, but it's worth a try.

On Thu, Jan 8, 2009 at 4:03 PM, <peter_dibbens@yahoo.co.uk> wrote:

Hi,

 

Have you seen this article http://support.citrix.com/article/ctx116373.

I can vouch that the certificates components work as expected. You must also configure all the prerequisites for WI Pass-through.

 

Thanks Pete

 

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Steve Snyder
Sent: Thursday, 8 January 2009 10:40 AM


To: thin@freelists.org
Subject: [THIN] netscalers and smartcards (CAC) - who's using them?

 

and what did you have to do to get the WI to come up properly?



We're trialing a NS 8.1 in our DMZ - the VPN tunnel connects and it starts to load the WI site but the smartcard (CAC) authentication just doesn't fly. Citrix is scratching their heads.

 

 

No comments: