Under the Terminal Services Configuration, I've set the ICA-TCP connection to
"Use standard Windows authentication".
The idea is the NWClient login is hidden behind the Windows login, and the
username + Password entered in the Windows login is "passed through" to the
NWClient silently.
This doesn't work though, as the client gives the error "Netware security
message - The system could not log you into the Network". It then asks for
the password again (the username is carried through and filled in from the
previous dialog).
The end result needs to be a seamless single login, as the passwords and
usernames are the same for NW and NT. If I use the Netware login dialog, the
user has to enter the username in both the NW login AND the Windows Tab
EVERY TIME. If I set the "remember details on successful login" in the
NWClient properties, it remembers the last users name each time, which is
not ideal when more than just the one person is using that machine (more
than one thin session).
Any ideas?
Tia
Alan
I think what you're running into is an issue with the passing order.
"Currently the Novell GINA does not allow chaining behind it, but other
GINAs can be chained in front of it (such as PCAnywhere32)."...
Using a 3rd Party GINA with the Novell Client
http://support.novell.com/servlet/tidfinder/2950350
How does NWGINA work?
http://support.novell.com/servlet/tidfinder/10059511
Tony Pedretti
TransUnion LLC
Not only because the Novell login dialog knows how to simultaneously
authenticate you to both NDS and Windows, but because it will give the
user an opportunity to indicate their NDS context when necessary.
Even if "the username + Password entered in the Windows login is
'passed through' to the NWClient silently" (which I'm not sure whether
it can or cannot be done, even in non-Terminal Services scenarios),
the NDS authentication would have to be defaulting to some single
pre-defined NDS context & NDS tree (since the Windows login will not
be collecting or passing NDS context or tree information). This may
even be part of why the authentication isn't happening transparently
for you now.
If you allow the Novell login dialog to appear, setting the Windows
"DontDisplayLastUserName" policy goes part of the way towards not
displaying the last logged-in user's information. But more completely
what you would want to do is edit the default "Location Profile" (in
the Novell client properties) and set the NDS tree & context to what
you want to be displayed on the login dialog by default. Then blank
out the Windows and NDS "Username:" fields in the location profile,
and turn off the "Save after successful login" checkbox. That way
every time the Novell login dialog is displayed, the user doesn't have
to remove the previous user's username and they can expect the default
NDS context and NDS tree to be consistent.
"Alan Thompson" <atho...@ultra-pmes.com> wrote:
Alan Adams, MCNE
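The two Windows-side settings that come up in this thread (which GINA Winlogon loads, and whether the last username is shown) can be read back from a terminal server with a read-only script. This is an added example, not part of the original thread; it assumes the standard Windows registry locations for `GinaDLL` and `DontDisplayLastUserName`, the file name `nwgina.dll` for the Novell GINA, and PowerShell 3.0 or later on the server.

```powershell
# Added example: read-only audit of logon settings on a shared terminal server.
# Nothing is written to the registry.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$policy   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-LogonAudit {
    # With no GinaDLL value, Winlogon loads the Microsoft GINA (msgina.dll).
    $gina = Get-RegValue $winlogon 'GinaDLL'
    if (-not $gina) { $gina = 'msgina.dll (default, no GinaDLL value set)' }

    # Policy location first (DWORD), then the older Winlogon string value.
    $hide = Get-RegValue $policy 'DontDisplayLastUserName'
    if ($null -eq $hide) { $hide = Get-RegValue $winlogon 'DontDisplayLastUserName' }

    [pscustomobject]@{
        Computer            = $env:COMPUTERNAME
        GinaDLL             = $gina
        # Assumed file name for the Novell GINA; adjust if the install differs.
        NovellGinaIsPrimary = ($gina -match '(?i)nwgina\.dll$')
        LastUserNameHidden  = ("$hide" -eq '1')
    }
}

$result = Get-LogonAudit
$result | Format-List

if (-not $result.LastUserNameHidden) {
    # On a multi-user session host this exposes the previous user's name.
    Write-Warning 'DontDisplayLastUserName is not set: the last username is shown at logon.'
}
if (-not $result.NovellGinaIsPrimary) {
    Write-Warning "Winlogon is loading '$($result.GinaDLL)', not the Novell GINA."
}
```

The Novell location profile fields (tree, context, blank usernames, "Save after successful login") are set in the client properties and are not covered by this check.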
When you set the ICA protocol to "Use Standard Windows Authentication", that
sets the server to use the Microsoft GINA, not the Citrix Gina. But since
you have a Netware Gina in the mix, it is inadvertently bypassed as well.
I have also seen this problem with Metaframe, and the username/password is
not the problem. It is being passed through to the Netware GINA ok. The
different user contexts are what is failing.
Our solution to this is to use the NWGina on Metaframe, get rid of the
client passthrough authentication, and use a common context for login that
contains aliases to all our users (aliases created by Cenralise LYCX). We
came up with this in the absence of a true contextless login solution for
the Novell client.
"Alan Adams" <add...@withheld.com> wrote in message
news:et0h7vg3ld0etvcp1...@4ax.com...
Do you have single sign-on using ZENWorks objects set up in your NDS
tree? How are your other win2k/XP/NT boxes authenticating on your network?
sd