|
|
配置Receiver客户端无需输入密码,自动登录StoreFront站点,获取应用:
On a recent project we were using XenDesktop 7 to publish a users desktop. When rolling out the receiver client (v4) or the standard version of receiver (3.4) we discovered that the user needed local admin rights when installing to enable the SSO functionality. This is something the users didn’t have…
To fix this I wrote a script to automatically run a second script as an elevated user. While this worked in test, it failed in roughly half of the installations. As such we had a long job of manually checking each client to make sure the client was installed, or to roll back and install version 3.4 enterprise – this version doesn’t require admin right for SSO to work.
However, with Storefront 2.1 the legacy PNAgent doesn’t support SSO out of the box. As it took us quite a while to track down I thought I would post the modifications requires to get this to work..
Firstly get Storefront working, enable domain pass through authentication and enable the legacy PNAgent config. You would think this is all you need to do… wrong!
Now, open up the config.aspx file from C:\inetpub\wwwroot\Citrix\<StoreName>\Views\PnaConfig\
File the section shown below;
<Logon>
<LogonMethod><%= ViewData[PnaConfigViewConstants.LogonMethodId]%></LogonMethod>
<EnableSavePassword>false</EnableSavePassword>
<EnableKerberos><%= ViewData[PnaConfigViewConstants.EnableKerberosId] %></EnableKerberos>
<SupportNDS>false</SupportNDS>
<NDS_Settings>
<DefaultTree></DefaultTree>
</NDS_Settings>
</Logon>
and replace with;
<Logon>
<LogonMethod>sson</LogonMethod>
<EnableSavePassword>false</EnableSavePassword>
<EnableKerberos>false</EnableKerberos>
<SupportNDS>false</SupportNDS>
<NDS_Settings>
<DefaultTree></DefaultTree>
</NDS_Settings>
</Logon>
Next, open the web.config file from C:\inetpub\wwwroot\Citrix\<StoreName>
find the line;
<pnaProtocolResources changePasswordAllowed=”Never” logonMethod=”prompt”
kerberosEnabled=”false” changePasswordMethod=”Proxy” changePasswordUrl=””>
and replace with;
<pnaProtocolResources changePasswordAllowed=”Never” logonMethod=”sson”
kerberosEnabled=”false” changePasswordMethod=”Proxy” changePasswordUrl=””>
Once you have made these changes the client will then login using pass through and the desktop will displayed – that it if you have installed the client correctly!
To install the client use the following syntax to auto add the store and enable SSON
CitrixReceiverEnterprise.exe /includeSSON /ENABLE_SSON=Yes STORE0=â<DISPLAYNAME>;https://SERVERNAME.DOMAIN/Citrix ... t;/discovery;on;App Storeâ
You will also need to make sure the policy is enabling SSON as per http://support.citrix.com/article/CTX133855
If you receive an error about the credentials are not correct then the web.config file in the root of the store has not been modified correctly.
You can then roll out the Citrix Receiver 3.4 enterprise client to your users and have them connect to the desktop seamlessly!
Not only that, but DesktopLock will then also work if you want to lock down the PC further and force them into the desktop – Something else you can’t do with the latest version of receiver – well, not without my custom lock script…
UPDATE: PLEASE NOTE!! If you disable or update the legacy PNAgent settings in storefront you will lose the config and have to re-do it again from scratch.
源自:http://blog.lyon-marrian.com/201 ... ith-storefront-2-1/
参考:https://support.citrix.com/article/CTX133982
|
|
发表于 2017-8-30 14:39:36
