Can I incorporate LDAP user authentication with MS Terminal Services?


This article applies to:

  • R3000

Question:

Can I incorporate LDAP user authentication with MS Terminal Services?

Reply

With MS Terminal Services, R3000 authentication will not work because R3000 has no way of distinguishing which user generates web requests. Normally when users login to a thinclient, such MS Terminal Services or Citrix Server, any outgoing traffic they generate will have the server IP address as the source address.

Thus, multiple users will generate traffic from only one IP address. R3000 authentication works by binding a username and profile/Rule to an IP address. So if multiple users are coming from one IP address (e.g. the MS Terminal Server), then authentication should not be used as it can't distinguish which user generated the request.

The reason a thinclient such as Citrix would work is because Citrix has ability to use virtual IPs for each session. Thus, each user can be assigned a different and unique IP Address for the R3000 to associate with that user. Since MS Terminal services does not have this virtual IP address feature, there is no way to distiguish which user generated the packet on a packet by packet basis.

This article was previously published as:
8e6 KB 276446

Last Modified 2/25/2008.
https://support.trustwave.com/kb/KnowledgebaseArticle12278.aspx