How to enable fallback to local authentication on ADC when external authentication fails

Step 1:

Disable “Local authentication” under global system settings parameters


set system parameter -localAuth DISABLED


GUI path: System > Settings > Change Global system settings

Step 2:

Create an LDAP policy and bind it to System Global with priority 100.

Create a LOCAL policy and bind it to System Global with priority 110.

Step 3:

Add a management user on the NetScaler whose requests should fall back to local authentication if the external server fails.

Bind the appropriate command policy to user1.

user1 is only in local database (ADC db)

user2 is on LDAP and local

We can validate the authentication in the aaad.debug logs.

For user1, LDAP rejected the user and authentication then fell back to the local database.

For user2, the authentication went to LDAP server first and authentication succeeded
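The three steps above as one NetScaler CLI sequence. This is an added example, not configuration taken from the original page. It assumes classic authentication policy syntax; the object names (ldap_act, ldap_pol, local_pol), the LDAP server address, the base and bind DNs, the passwords and the choice of the built-in operator command policy are all placeholders.

```netscaler
# Step 1: turn off the implicit local authentication, so local accounts
# are only evaluated through the explicitly bound LOCAL policy.
set system parameter -localAuth DISABLED

# Step 2a: LDAP action and policy (placeholder server and DNs; LDAPS on 636).
add authentication ldapAction ldap_act -serverIP 192.0.2.10 -serverPort 636 -secType SSL -ldapBase "dc=example,dc=com" -ldapBindDn "svc-adc@example.com" -ldapBindDnPassword <bind_password> -ldapLoginName sAMAccountName
add authentication ldapPolicy ldap_pol ns_true ldap_act

# Step 2b: LOCAL policy.
add authentication localPolicy local_pol ns_true

# Step 2c: global bindings. The lower number is evaluated first,
# so LDAP (100) is tried before LOCAL (110).
bind system global ldap_pol -priority 100
bind system global local_pol -priority 110

# Step 3: local management user and its command policy.
# "operator" is only an example; bind the least-privileged policy that fits.
add system user user1 <password>
bind system user user1 operator 100

# Confirm the resulting state.
show system parameter
show system global
show system user user1
```

As the user1 result shows, the LOCAL policy is reached whenever LDAP does not authenticate the user, so every local account left on the appliance needs a strong password and a minimal command policy.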

