NTLM Login Problem on S10

  • #821
    bcdavis1979
    Member
    • Total Post: 2
    • Newbie

    Our company recently purchased a couple Wyse terminals for testing and possibly implementing. Thanks to the resources on this site I have managed to accomplish most of our goals, but I am having trouble implementing NTLM login to our domain on one of the test units.

    I have two Wyse units here on my desk, one is a VX0 running 6.0.0_14 and NTLM works perfectly as expected on it. The S10 unit I have is running 5.3.0_9 and no matter what I try it tells me invalid username/password when I try to login with NT domain credentials.

    Any help or suggestions you could provide would be greatly appreciated!

    My wnos.ini file is as follows:


    ;*************************************************************
    ;* *
    ;* This wnos.ini file was generated with the *
    ;* Configuration File Generator *
    ;* Copyright by Thomas Moellerbernd *
    ;* *
    ;*************************************************************


    ;*************************************************************
    ;* General 1 *
    ;*************************************************************

    autoload=0
    Privilege=High

    ;*************************************************************
    ;* General 3 *
    ;*************************************************************

    NoticeFile=notice.txt Resizable=yes Timeout=100

    ;*************************************************************
    ;* Input Devices *
    ;*************************************************************

    Language=Us

    ;*************************************************************
    ;* Display *
    ;*************************************************************

    Resolution=1280x1024 Refresh=60
    DeskColor="0 0 0"
    Desktop=kdmcballa.bmp Layout=Center
    Screensaver="5" LockTerminal=yes Type=2 Image=kdmc.bmp
    ShutDownInfo=yes

    ;*************************************************************
    ;* Time *
    ;*************************************************************

    Timeserver=dc1.kdmc.local Timeformat="24-hour format" Dateformat=mm/dd/yyyy
    TimeZone='GMT - 05:00' ManualOverride=yes Daylight=yes Start=030507 End=100507 TimeZoneName="Eastern Standard Time" DayLightName="Eastern Daylight Time"

    ;*************************************************************
    ;* Network *
    ;*************************************************************

    SignOn=NTLM ConnectionManager=Hide EnableOK=Yes DisableGuest=yes
    PasswordServer=pna.kdmc.local
    MaxVNCD=1
    VncPassword="MABBMGBGMABB" Encrypt=yes
    VncPrompt=Yes Accept=10

    ;*************************************************************
    ;* ICA *
    ;*************************************************************

    IcaBrowsing=UDP
    Seamless=yes HideTaskBar=Yes FullscreenReserved=yes
    PnliteServer=172.31.6.11
    DomainList=kdmc
    #11168
    ConfGen
    Keymaster
    • Total Post: 10696
    • Jedi Master
    • ★★★★★★★

    Hi,

    I guess you are using a Windows 2003 domain.
    I know there is an issue with Windows 2003 as per default NTLM compatibility is switched off there.
    Search MS website to find a tip on how to enable it again. I don’t have my notes in front of me otherwise I would have posted it here.

    Cheers
    CG

    #11169
    thinkthin
    Member
    • Total Post: 1649
    • Jacked into The Matrix
    • ★★★★★★

    Hi,

    I did some work on this recently for an article on this site, you will need to set two reg settings on your domain controller. Check out the white paper in this download, the keys are at the end of the article:

    http://www.freewysemonkeys.com/site/modules.php?name=Downloads&d_op=viewdownloaddetails&lid=109&ttitle=VDI-NoBroker.zip

    Of course NTLM is an old authentication method and not as strong as Kerberos; Microsoft decided to turn off accepting this in pure AD 2003 domains. You will have to be OK to accept the security implication before making this change.

    Cheers,
    -TT

    #11170
    thinkthin
    Member
    • Total Post: 1649
    • Jacked into The Matrix
    • ★★★★★★

    I just read your wnos.ini,

    You are using ICA so do you need NTLM? Why not just use signon=1, this will allow authentication via the PNliteserver=

    Signon=NTLM can be useful in RDP only environments,

    Cheers,
    -TT
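
Added example (not part of the original posts, and not Wyse's own tooling): a small Python check that reads a wnos.ini and reports when `SignOn=NTLM` is combined with a `PnliteServer`, the case where the reply above suggests `signon=1` instead. The sample file is constructed from the Network and ICA sections posted in this thread; treating parameter names as case-insensitive is an assumption based on the mixed spellings used in the thread.

```python
import shlex

# Constructed sample, reduced from the wnos.ini posted in this thread.
SAMPLE_WNOS = """\
;* Network *
SignOn=NTLM ConnectionManager=Hide EnableOK=Yes DisableGuest=yes
PasswordServer=pna.kdmc.local
;* ICA *
IcaBrowsing=UDP
PnliteServer=172.31.6.11
DomainList=kdmc
"""


def parse_wnos(text):
    """Return {lowercased name: value} for every key=value token.

    Options on the same line are flattened into one dict, which is
    enough for this check (assumption: names are case-insensitive).
    """
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":       # blank line or comment
            continue
        try:
            # shlex keeps quoted values such as DeskColor="0 0 0" whole
            tokens = shlex.split(line, comments=False)
        except ValueError:                     # unbalanced quote
            tokens = line.split()
        for token in tokens:
            key, sep, value = token.partition("=")
            if sep:
                params[key.lower()] = value
    return params


def review_signon(text):
    """Return findings about the sign-on mode configured in a wnos.ini."""
    p = parse_wnos(text)
    signon = p.get("signon", "").lower()
    findings = []
    if not signon:
        findings.append("no SignOn parameter found")
    elif signon == "ntlm" and p.get("pnliteserver"):
        findings.append("SignOn=NTLM with PnliteServer=%s: SignOn=1 would "
                        "authenticate via the PNLite server" % p["pnliteserver"])
    elif signon == "ntlm":
        findings.append("SignOn=NTLM without PnliteServer: the domain "
                        "must accept NTLM logons")
    return findings
```

Run it as `review_signon(open("wnos.ini").read())`; an empty list means the sign-on line needs no change under the advice given in this thread.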

    #11174
    bcdavis1979
    Member
    • Total Post: 2
    • Newbie

    Changing the config to signon=1 accomplished what I was looking for.

    Thanks for all of your help!!!

    #12292
    Ivor
    Participant
    • Total Post: 2
    • Newbie

    I read thoroughly all of the material in “Using VDI with NTLM Authentication and No Connection Broker” and I absolutely love the option- it gives me everything I want for a smooth end user ride– except:

    I’m running a mixed environment of RDP connections, phasing out Server 2003 Terminal servers in favor of Parallels Virtuoso VDI environments with a mix of V10’s and ThinStation PC’s as they die out.

    I have a problem logging onto a V10 using NTLM, as an example, if the user password has expired or I have reset the password in AD (server 2003) and forced an immediate password expiration. AD seems to treat the password as invalid as the V10 is unable to launch a Window to force the password change right then. My only choice seems to be to not force the password change after resetting the password, then I have to turn off auto-launching the RDP session to connect to the user’s VDI so I can force the password change before they go into their VDI, where they can change their password, then set the user’s ini to autolaunch again after that– otherwise I go into a loop.

    If users didn’t wait until they see the whites of the eyes of a password change, this would be rare, but I know my people well enough to know I need out of this issue!

    Anyone else see it or have a solution?

    #12295
    thinkthin
    Member
    • Total Post: 1649
    • Jacked into The Matrix
    • ★★★★★★

    Hi Ivor,

    Yes, it is almost a great solution except for the password change. Unfortunately I do not know of a solution to this currently but maybe ConfGen has an idea – ConfGen?

    Glad you liked the no broker article, it took some time to put together 🙂

    Cheers,
    -TT

    #12306
    thinkthin
    Member
    • Total Post: 1649
    • Jacked into The Matrix
    • ★★★★★★

    Have you tried the Wyse USB virtualizer? It “should” allow your encryption software to see the USB stick natively and allow it to work.

    Now that you have a V10L, get the USB software from the downloads – TCX section of wyse.com. Next get the matching V10L firmware and an evaluation key from Wyse sales. You put the eval key into the wnos.ini; you will need three lines in the wnos.ini to set this up:

    #TCX Eval keys, separate with a comma if you have more than one
    TCXlicense=xxxx-xxxx-xxxxx-xxxx-xxxx

    #Set up a time server or key will not work:
    TimeServer=

    #Enable USB but turn off RDP USB mapping
    SessionConfig=All MapDisks=No

    I would love to hear if your software works with USB re-direction,

    Cheers,
    -TT
