Here is a good one - we use Novell BorderManager (what a pile of s*!t) with Metaframe 1.8/NDS for NT (an even bigger pile of....). When the first user logs on and runs IE 5, they are authenticated by the proxy and can access the web - however, subsequent users are then able to access the web without further authentication. All web page accesses are logged against the first user! Obviously, this blows any web use monitoring out of the water. This will obviously be true for all NT Terminal Server installations too. Does anyone have any ideas or fixes? Citrix, as usual, are ignoring all posts to their site with this problem. Has anyone else noticed that they seem to be conveniently blind to the hard questions? They should at least post a response to say "Yeah its a known problem, we know about it, AND ARE WORKING ON IT."
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Proxy Authentication Problems
- Thread starter wilsona
- Start date
- Thread starter
- #2
I've just found a Novell document, TID 10051674:
Symptom
Users running SSL with the Metaframe server are not prompted for login.
First user is able to bring up SSL authentication configuration all other users are allowed through without login.
Cause
When the client sends a request to the BorderManager Proxy, the Proxy checks if the user is authenticated. The authentication is based mainly by IP address, Proxy then recognizes the IP address of the Metaframe server as already being authenticated and grants access, so long as the access rules permit it.
A Metaframe is a one to many relationship, which is one server with many terminals attached using the same IP address. Once one person has authenticated all others attached to this IP address also receive authentication.
A Metaframe is like a telnet session. All the processing actually occurs on the Metaframe box. Although that Metaframe box has multiple different client sessions open (one for each connection), there is still only one stack, one listening process. You can never have more than one service listening on the same IP address/port address combination. It is no different on the Metaframe.
Fix
SSL on a Metaframe is not supported with BorderManager 3.0. It is, however, supported with BorderManager 3.5 with at least BM35C09.EXE applied
Symptom
Users running SSL with the Metaframe server are not prompted for login.
First user is able to bring up SSL authentication configuration all other users are allowed through without login.
Cause
When the client sends a request to the BorderManager Proxy, the Proxy checks if the user is authenticated. The authentication is based mainly by IP address, Proxy then recognizes the IP address of the Metaframe server as already being authenticated and grants access, so long as the access rules permit it.
A Metaframe is a one to many relationship, which is one server with many terminals attached using the same IP address. Once one person has authenticated all others attached to this IP address also receive authentication.
A Metaframe is like a telnet session. All the processing actually occurs on the Metaframe box. Although that Metaframe box has multiple different client sessions open (one for each connection), there is still only one stack, one listening process. You can never have more than one service listening on the same IP address/port address combination. It is no different on the Metaframe.
Fix
SSL on a Metaframe is not supported with BorderManager 3.0. It is, however, supported with BorderManager 3.5 with at least BM35C09.EXE applied
- Status
Similar threads
- Locked
- Question