Binding a Citrix NetScaler Global LDAP Authentication Policy for Admins

In this walkthrough we will create an LDAP policy for administrators of the NetScaler and bind it globally to the NetScaler.

Step Description Screenshot
1 Log into your NetScaler

Expand System > Authentication > LDAP

Tick the newly created policy and click Global Bindings

2 Click the > button to choose your newly created LDAP policy

Then click Select

Click Bind on the System Global Authentication LDAP Policy Binding Window

Click Done

3 Note: The LDAP policy will have a green tick in the Globally Bound column, which means all members of the LDAP group you added in the ‘Search Field’ of the server policy will now be able to authenticate against the NetScaler as NetScaler system users.

Granting AD Group Permissions to the NetScaler

In the previous step we created an LDAP policy and bound it globally to the NetScaler so that all users who are members of the Active Directory group Domain Admins would be able to authenticate against the NetScaler and access the WebGUI. However, these users will not have permission on the NetScaler itself to perform any administrative tasks, so we must link the AD group to appropriate permissions on the NetScaler.

Step Description Screenshot
1 Example of error message when logging in as user ‘admin@home.local’

Not authorized to execute this command [show ns license]

[show ns feature]

Note: a user name of just ‘admin’ would also work

Here you can see that the user is able to authenticate, but not perform any tasks on the NetScaler.

2 Log into the NetScaler as nsroot

Browse to System > User Administration > Groups

Click the add button

3 Type in Group Name: ‘Domain Admins’

Note: The NetScaler group name must match the LDAP group name and is case-sensitive

4 Under Command Policies

Click Bind

Tick Sysadmin

Click Insert

5 Click Create
6 Users who are members of the Domain Admins group in Active Directory will now have the sysadmin role on the NetScaler.
7 The other roles available on the NetScaler, and what can be assigned, are listed on the Citrix website: http://docs.citrix.com/en-us/NetScaler/10-1/ns-system-wrapper-10-con/ns-ag-aa-intro-wrapper-con/ns-ag-aa-config-users-and-grps-tsk.html
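
A group name that differs only in case from the directory group leaves the user in the state shown in step 1: able to authenticate, but with no command policy. The following check is an added example, not part of the original article or any Citrix tooling; it assumes group names are taken from the CN of each memberOf value, and the function names and sample data are constructed for illustration.

```python
import re

_CN = re.compile(r'\s*CN=((?:\\.|[^,\\])+)', re.IGNORECASE)

def cn_of(dn):
    """First CN of a memberOf DN, with \\, and \\2C style escapes undone (ASCII only)."""
    m = _CN.match(dn)
    if not m:
        return None
    unesc = lambda e: chr(int(e.group(1), 16)) if len(e.group(1)) == 2 else e.group(1)
    return re.sub(r'\\([0-9A-Fa-f]{2}|.)', unesc, m.group(1)).strip()

def audit(member_of, ns_groups):
    """Compare a user's directory groups with NetScaler system groups.

    ns_groups maps NetScaler group name -> list of bound command policies.
    """
    folded = {name.casefold(): name for name in ns_groups}
    report = {"policies": set(), "case_mismatch": [], "unmatched": []}
    for dn in member_of:
        cn = cn_of(dn)
        if cn is None:
            continue
        if cn in ns_groups:                    # exact, case-sensitive match
            report["policies"].update(ns_groups[cn])
        elif cn.casefold() in folded:          # same name, different case
            report["case_mismatch"].append((cn, folded[cn.casefold()]))
        else:                                  # no NetScaler group at all
            report["unmatched"].append(cn)
    return report

# Constructed sample data (not taken from a real directory).
MEMBER_OF = [
    "CN=Domain Admins,CN=Users,DC=home,DC=local",
    r"CN=Ops\, Tier2,OU=Groups,DC=home,DC=local",
]

if __name__ == "__main__":
    for groups in ({"Domain Admins": ["sysadmin"]}, {"domain admins": ["sysadmin"]}):
        r = audit(MEMBER_OF, groups)
        state = "authorized" if r["policies"] else "authenticates, but no command policy"
        print(groups, "->", state, r)
```

An empty `policies` set with a non-empty `case_mismatch` list points at a NetScaler group that needs renaming to match the directory exactly.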

 
