Home » KBArticles » Creating a Citrix NetScaler LDAP Authentication Policy for Users

Creating a Citrix NetScaler LDAP Authentication Policy for Users

In this walkthrough we will create an LDAP policy for basic users of the NetScaler to authenticate against things like a new Virtual NetScaler Gateway.

This profile however will be identical to the previous administrators policy, only we will be looking for another AD group. Instead of ‘Domain Admins’ we will look for users who are members of the LDAP group called ‘NetScaler Users’.

Step Description Screenshot
Log into your NetScaler

Expand System > Authentication > LDAP

Click the Servers Tab

Tick the already existing AUTHServer_LDAP

Click the Add button

Tip: Because we selected the already created server profile the configuration details of that profile will be automatically copied into this new policy as ‘defaults’

Note: The LDAP bind password is not copied when you duplicate these settings from a previously created policy so always be sure to re-enter them when creating additional AUTHSERVERS and test

Give the LDAP server profile a Name

e.g. AUTHSERVER_LDAP_NSUsers

Provide the following details of your LDAP server:

IP Address / or Name

Base DN

Admin Bind DN

Admin Password: Be Sure to RETYPE YOUR PASSWORD and click TEST

Server Logon Name Attribute: sAMAccountName

Group Attribute: memberof

Sub Attribute Name: cn

Note: In this guide we are using the following specific details as working examples

IP Address / or Name: 192.168.1.11

Base DN: CN=Users,DC=Home,DC=Local

Admin Bind DN: admin@home.local

Admin Password: <password>

Search Filter: memberof= CN=NetScaler Users,CN=Users,DC=home,DC=local

Note: You should use appropriate LDAP details for your environment. If you are unsure consult with your AD/LDAP/Authentication team.

Tip: You can connect to your AD controller or any Windows machine with the Remote Server Administration Tools (RSAT) installed to establish your base DN and admin bind DN by querying the accounts using dsquery user and dsquery group Examples:

If you need to obtain the Group details for the ‘Search Filter’

Click Test Connection and ensure your LDAP server is reachable

Note: The LDAP bind password is not copied when you duplicate these settings from a previously created policy so always be sure to re-enter them when creating additional AUTHSERVERS and test

Click Create at the bottom of the ‘Create Authentication LDAP Server’
Create another LDAP Policy to bind this new server profile to

Click the Policies tab

Tick the existing policy

Click Add

Note: Because we selected the already created server profile the configuration details of that profile will be copied freshly as a new Server Profile

Simply rename the policy to something new like AUTHPOL_LDAP_NSUsers

Link this new policy to the previously created server profile in steps 1-5 by selecting AUTHSERVER_LDAP_NSUsers from the drop down

Leave the Expression as is: ns_true

Click Create

Two LDAP Authentication policies now exist and can be used for authenticating users on the NetScaler

Note: The Administrators policy is the only policy presently bound to the NetScaler

NetScaler SSH Command References:

Create LDAP Server add authentication ldapAction AUTHSERVER_LDAP_NSUsers -serverIP 192.168.1.11 -ldapBase “CN=Users,DC=Home,DC=Local” -ldapBindDn admin@home.local -ldapBindDnPassword 1234123412341234123412341234123412341234123412341234123412341234 -encrypted -encryptmethod ENCMTHD_3 -ldapLoginName sAMAccountName -searchFilter “memberof= CN=NetScaler Users,CN=Users,DC=home,DC=local” -groupAttrName memberOf -subAttributeName cn
Create LDAP Policy add authentication ldapPolicy AUTHPOL_LDAP_NSUsers ns_true AUTHSERVER_LDAP_NSUsers

 

If you want to learn more about Citrix NetScaler check out our online NetScaler course at www.mastersof.cloud

Signup below to receive a free 200 page Citrix NetScaler Introduction guide!

[mc4wp_form id=”2763″]

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.