How to Configure NetScaler Gateway Preauthentication EPA Scan for Domain Check

NetScaler GUI

Complete the following steps to configure NetScaler Gateway preauthentication EPA scan for domain check:

  1. Log on to NetScaler Gateway and navigate to NetScaler Gateway > Policies > Preauthentication > Preauthentication Profiles (tab) > Add. Assign a Name for the new profile and choose Create.

    User-added image

  2. Switch to the Policies tab and choose Add to add a new policy.

    Provide a Name and under Request Action choose the previously created domain-scan-profile.

    User-added image

  3. A pop-up window will appear. Use the expression editor to select Windows to scan Windows based systems, then choose Domain Check.

    User-added image

  4. Select + to the right of the Domain Check option. In this case the check will be to see if ‘example.com’ is the domain suffix. Enter the Domain suffix and comment as shown in the following screen shot and click OK.

  5. Now select Create to create the new policy.

  6. To enable the policy it will now need to be bound to the virtual server. This is done by editing the virtual server itself.

    Navigate to the NetScaler Gateway > Virtual Servers section and select the virtual server and then choose the Edit option. Allow the HTML page to load and towards the bottom of the resulting web page there will be section called Policies.

  7. Choose the + symbol in the top right of the Policies section.

  8. A selection box will appear. Change the Policy type under Choose Policy to Preauthentication and choose Continue.

    User-added image

  9. In the Choose Type section, select the policy created for domain scan under Select Policy and then click Bind button.

    User-added image

  10. Click OK and it should show the other policies as well as the new preauthentication policy bound to the virtual server.

  11. Once the scan has been enabled, test it with a suitable client that has domain membership matching the setting in the policy. Then repeat with a non-confirming client to verify the functionality of the new policy.

NetScaler CLI

To enable preauthentication policy for domain check, run the following command from CLI:

add aaa preauthenticationpolicy <policy name> “CLIENT.SYSTEM(DOMAIN_SUFFIX_anyof_<domain>[COMMENT: Domain check]) EXISTS” <Action Name>


NOTE : Domain is the Microsoft ActiveDirectory domain (not the old NT Domain), and to get this information, enduser need to type command “gpresult /V” in Windows CLI .

Related:

Leave a Reply