Message-ID: <3E2D1B0F.2132.1969605D@localhost>
From: stk at ahs.hist.no (Steinar Kleven)
Subject: Citrix Metaframe and Netware (bugtrack id 6641)

read http://online.securityfocus.com/bid/6641/discussion/ first.

To recreate the issue you will need:
Metaframe XP(e) on Windows 2000
Netware client 4.83
One or more printers installed on the Metaframe server where the 
queues are on a Netware server

There might be prior versions of Metaframe and/or Netware client 
also having this problem, please do research on your current setup.


1) Login to a metaframe server on the console as a 'workstation 
only' user

2) Login to the Metaframe server through a Citrix ICA client (also 
workstation only)

3) In the ICA session, make sure you are *not* logged into Netware 
network and then go to Start->Settings->Printers or just start Word 
and try to select one printer who has a queue on a netware server. 
This session will seem to hang.

4) Go to the console on the Metaframe server and wait a few 
seconds you will get a Netware login dioalog asking you to 
authenticate to the Netware server/NDS.
On the console, type in admin user and password for the Netware 
server/tree.

5) Now, in the ICA session, which will not hang anymore, try to figure 
out your permissions on the Netware server/tree. You will probably 
find you have the exact same rights as the authenticated user on the 
Metaframe console. In fact, not only the rights, but your entire ICA 
session *is* logged in as the user on the Metframe console.

The workaround for this issue is to tweak the registry settings for the 
Netware client to not prompt for login because of printer 
requirements.
http://support.novell.com/cgi-
bin/search/searchtid.cgi?/10024829.htm

The exact settings are:
HKLM\SOFTWARE\Novell\Print\Never Login\Never Login = 1
HKLM\SOFTWARE\Novell\Print\Never Login\UseDialupSettings = 0

This issue is reported to Citrix

Steinar Kleven

Powered by blists - more mailing lists