How to Configure NetScaler to Use Active Directory Authentication and Privileges

Add Authentication Server

To add an authentication server, complete the following procedure from the graphical user interface of NetScaler:

  1. Click System > Authentication > LDAP > Servers > Add.

    You can then configure the parameters for the LDAP server in the Create Authentication dialog box, as shown in the following screen shot:

    User-added image

  2. Specify the required information to define the LDAP Server.

    The required fields are:

    • Name* – Name of the server.

    • Authentication Type – The authentication type, in this scenario is LDAP.

    • Server – The IP address and TCP port used by the LDAP server.

    • Base DN – The base, or node from where the ldapsearch should start.

    • Bind DN – The full distinguished name that is used to bind to the LDAP server.

    • Bind DN Password – The password for the Bind DN account.

    • Confirm Bind DN Password – The password for the Bind DN account.

    • Login Name – The name attribute used by the NetScaler appliance to query the external LDAP server or an Active Directory.

    • Search Filter – The string to be combined with the default LDAP user search string to form the value.

    • Group Attribute Name – The Attribute name for group extraction from LDAP server.

    • Sub Attribute Name – The Sub Attribute name for group extraction from LDAP server.

    • Security Type – Select Plaintext for non-secure LDAP communication or select TLS or SSL for secure LDAP communication.

  3. Click Create.

  4. Click the Policies tab, then click the Add button:

    User-added image

  5. Enter a name for the policy, select the server that you created in steps 2 and 3 from the drop-down menu.

  6. In the Expression text field, type ns_true, then click Create:

    User-added image

  7. Click the policy that you just created to select it, then click the Global Bindings button:

    User-added image

  8. Select the policy that you previously created from the drop-down menu, then click the Select button:

    User-added image

  9. Click Bind, then click Done.

Create Group

To add create a group on NetScaler, complete the following procedure from the graphical user interface of NetScaler:

  1. Click System > User Administration > Groups > Add:

    User-added image

  2. Type the group name, which must exactly match the name of the Active Directory group, as configured in Active Directory Users and Computers on the server. This group name is that one that you would like to allow access to the NetScaler.

    Click the Insert button in the Command Policies section:

    User-added image

  3. Select the appropriate policy that corresponds to the privilege level that you want to assign to the group.

    In this example, superuser is selected.

    Click the Insert button:

    image.png

  4. Click Create.

  5. You should now be able to log into the NetScaler with the users assigned in Active Directory to the group that you just created on the NetScaler, and they should have the privilege level that you have assigned to them.

Sample LDAP Search Filter

In this article we have created an OU named Citrix Test, and in that OU, there is a group named Citrix Admins, and the users are located within that group. On the NetScaler, use the following search filter: memberOf=CN=Citrix Admins,OU=Citrix Test,DC=JKlab,DC=com.

Related:

Leave a Reply