CTX212422

How to Configure NetScaler to Use Active Directory Authentication and Privileges

Applicable Products

  • Citrix ADC

Objective

This article describes how to allow Active Directory users to log on to NetScaler with Active Directory credentials and have appropriate privileges assigned to manage the NetScaler.


Instructions

Add Authentication Server

To add an authentication server, complete the following procedure from the graphical user interface of NetScaler:

  1. Click System > Authentication > LDAP > Servers > Add.

    You can then configure the parameters of the LDAP server in the Create Authentication dialog box.

  2. Specify the required information to define the LDAP Server.
    The required fields are:

    • Name* – Name of the server.

    • Authentication Type – The authentication type, which in this scenario is LDAP.

    • Server – The IP address and TCP port used by the LDAP server.

    • Base DN – The base, or node, from which the LDAP search should start.

    • Bind DN – The full distinguished name that is used to bind to the LDAP server.

    • Bind DN Password – The password for the Bind DN account.

    • Confirm Bind DN Password – The password for the Bind DN account.

    • Login Name – The name attribute used by the NetScaler appliance to query the external LDAP server or an Active Directory.

    • Search Filter – The string to be combined with the default LDAP user search string to form the value.

    • Group Attribute Name – The attribute name for group extraction from the LDAP server.

    • Sub Attribute Name – The sub-attribute name for group extraction from the LDAP server.

    • Security Type – Select Plaintext for non-secure LDAP communication, or select TLS or SSL for secure LDAP communication.

  3. Click Create.

  4. Click the Policies tab, then click the Add button.

  5. Enter a name for the policy, then select the server that you created in steps 2 and 3 from the drop-down menu.

  6. In the Expression text field, type ns_true, then click Create.

  7. Click the policy that you just created to select it, then click the Global Bindings button.

  8. Select the policy that you previously created from the drop-down menu, then click the Select button.

  9. Click Bind, then click Done.

Create Group

To create a group on NetScaler, complete the following procedure from the graphical user interface of NetScaler:

  1. Click System > User Administration > Groups > Add.

  2. Type the group name, which must exactly match the name of the Active Directory group, as configured in Active Directory Users and Computers on the server. This is the group that you want to allow access to the NetScaler.
    Click the Insert button in the Command Policies section.

  3. Select the appropriate policy that corresponds to the privilege level that you want to assign to the group.
    In this example, superuser is selected.
    Click the Insert button.

  4. Click Create.

  5. You should now be able to log into the NetScaler with the users assigned in Active Directory to the group that you just created on the NetScaler, and they should have the privilege level that you have assigned to them.

Sample LDAP Search Filter

In this article we have created an OU named Citrix Test, and in that OU, there is a group named Citrix Admins, and the users are located within that group. On the NetScaler, use the following search filter:

    memberOf=CN=Citrix Admins,OU=Citrix Test,DC=JKlab,DC=com
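
The following Python model is an added example, not Citrix code and not part of the original article. It shows how the Login Name, Search Filter, Group Attribute Name and Sub Attribute Name fields and the local group name work together to decide a user's privilege level. Assumptions: the combined query has the form (&(<Search Filter>)(<Login Name>=<user>)), Login Name is sAMAccountName, Group Attribute Name is memberOf, Sub Attribute Name is CN, and the directory entries are constructed samples.

```python
import re

# Filter and group come from the article's sample; the attribute names are assumptions.
LOGIN_NAME_ATTR = "sAMAccountName"
SEARCH_FILTER = "memberOf=CN=Citrix Admins,OU=Citrix Test,DC=JKlab,DC=com"
GROUP_ATTR = "memberOf"
SUB_ATTR = "CN"

# Local NetScaler group -> bound command policy (the Create Group steps).
LOCAL_GROUPS = {"Citrix Admins": "superuser"}

# Characters that must be escaped inside an LDAP filter value (RFC 4515).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    """Escape a user-supplied value before placing it in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_user_query(username):
    """Combine the configured search filter with the login-name match."""
    return "(&({})({}={}))".format(
        SEARCH_FILTER, LOGIN_NAME_ATTR, escape_filter_value(username))

def extract_groups(entry):
    """Return the SUB_ATTR value of the first RDN of each GROUP_ATTR value."""
    groups = []
    for dn in entry.get(GROUP_ATTR, []):
        first_rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
        attr, _, value = first_rdn.partition("=")
        if attr.strip().upper() == SUB_ATTR.upper():
            groups.append(value.strip().replace("\\,", ","))
    return groups

def command_policies(entry):
    """Exact match of extracted group names against the local groups."""
    return sorted({LOCAL_GROUPS[g] for g in extract_groups(entry) if g in LOCAL_GROUPS})

# Constructed directory entries, not real accounts.
ADMIN = {"sAMAccountName": ["alice"], "memberOf": [
    "CN=Citrix Admins,OU=Citrix Test,DC=JKlab,DC=com",
    "CN=Domain Users,CN=Users,DC=JKlab,DC=com"]}
MISNAMED = {"sAMAccountName": ["bob"], "memberOf": [
    "CN=Citrix Admin,OU=Citrix Test,DC=JKlab,DC=com"]}

if __name__ == "__main__":
    print(build_user_query("alice"))
    print(command_policies(ADMIN), command_policies(MISNAMED))
```

A group whose name differs by even one character from the local NetScaler group yields no command policy, which is why step 2 of Create Group requires an exact match.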

