[Samba] Citrix Web Interface requires unix and windows passwords to match - never mind

Gaiseric Vandal gaiseric.vandal at gmail.com
Wed Nov 28 20:58:27 GMT 2007 

I overlooked that I did have some Citrix Presentation Servers for Unix
as well-  so Citrix web interface would of course try to verify my
password on those machines as well.


---------- Forwarded message ----------
From: Gaiseric Vandal <gaiseric.vandal at gmail.com>
Date: Nov 28, 2007 3:35 PM
Subject: Citrix Web Interface requires unix and windows passwords to match.
To: Samba <samba at lists.samba.org>


I am running Samba 3.026a, Solaris 9 PDC.  Samba uses tdbsam password
backend.   Unix level accounts are NIS. I am not using password
syncing or winbind on Samba, and I have not configured the Windows
servers to use NIS through SFU or Cygwin.


The "Windows" domain includes several Windows 2000/2003 member servers
running  Citrix Presentation Server (aka Metaframe.)    When using the
Citrix ICA client, you use your windows (samba)  account and password.
 (The unix password doesn't matter.)

We are also running Citrix Web Interface  on two of the machines.
(IIS based.)   So you can log in to citrix with either the Citrix ICA
client or via a web page.     The Citrix web interface shows a list of
available citrix resources and provides a single sign on for all
citrix resources.   The citrix web interface also uses your windows
account and password.


I found that  in order to log in to the citrix web page your
Windows/Samba and Unix passwords need to match.    Citrix Web
Interface can be configured to use "Windows or NIS (UNIX)"  or "NDS."
I have it set for "Windows or NIS (UNIX)."     You can't specify
either NIS server or domain controller with Citrix Web Interface so
presumably it is relying on the underlying Windows authentication
routines.  (And Windows itself would have be configured for domain
membership,  NIS authentication, NDS etc.)  But even if Citrix Web
Interface was somehow authenticating directly via the NIS server, I
would still have expected to be able to login with my unix password
instead of my windows password (assuming the two were did not match.)

Is there any reason the samba server would attempt to compare the unix
and Windows passwords?  Would the samba server ever try to use the
unix password (beyond any password synchronization.)    Presumably the
Citrix Web Interface adding something to the password data being
passed to Samba.

Ideally the Windows and Unix passwords would always be synced (and for
most accounts they are, so this isn't really a show stopper.)  I would
appreciate insight into this though.

Thanks

More information about the samba mailing list