© 1999-2017 Citrix Systems, Inc. All rights reserved. p.155https://docs.citrix.com
Configuring the External Authentication Server
Oct 04, 2016
The Management Service can authenticate users with local user accounts or by using an external authentication server.
The appliance supports the following authentication types:
Local— Authenticates to the Management Service by using a password, without reference to an external
authentication server. User data is stored locally on the Management Service.
RADIUS— Authenticates to an external RADIUS authentication server.
LDAP— Authenticates to an external LDAP authentication server.
TACACS— Authenticates to an external Terminal Access Controller Access-Control System (TACACS) authentication
server.
To configure external authentication, specify the authentication type, and then configure an authentication server.
Adding a RADIUS Server
To configure RADIUS authentication, specify the authentication type as RADIUS, and configure the RADIUS
authentication server.
The Management Service supports RADIUS challenge-response authentication according to the RADIUS specifications. RADIUS
users can be configured with a one-time password on the RADIUS server. When the user logs on to the NetScaler SDX appliance,
the user is prompted to specify this one-time password.
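The challenge-response round trip described above, as an added example (not Citrix code): the client checks each reply's Response Authenticator with the shared secret, then answers an Access-Challenge by sending the one-time password with the State attribute echoed back. The user name, secret, State value and the stand-in server function `build_reply` are constructed for illustration; the packet layout follows RFC 2865.

```python
import hashlib, hmac, os, struct
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_CHALLENGE = 1, 2, 11  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, REPLY_MESSAGE, STATE = 1, 2, 18, 24  # attribute types

def attr(t, v):
    return bytes([t, len(v) + 2]) + v

def hide_password(pw, secret, req_auth):  # User-Password hiding, RFC 2865 section 5.2
    pw = pw.ljust(16 * max(1, -(-len(pw) // 16)), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(pw), 16):
        ks = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(pw[i:i + 16], ks))
        out += prev
    return out

def build_request(ident, user, pw, secret, state=None):
    req_auth = os.urandom(16)
    attrs = attr(USER_NAME, user) + attr(USER_PASSWORD, hide_password(pw, secret, req_auth))
    attrs += attr(STATE, state) if state is not None else b""  # State is echoed unchanged
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs, req_auth

def build_reply(code, ident, req_auth, attrs, secret):
    """Stand-in server: authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    hdr = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hdr + hashlib.md5(hdr + req_auth + attrs + secret).digest() + attrs

def parse_reply(pkt, ident, req_auth, secret):
    """Client check: ID, length and Response Authenticator first, then attributes."""
    if len(pkt) < 20 or pkt[1] != ident or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        raise ValueError("malformed or mismatched reply")
    want = hashlib.md5(pkt[:4] + req_auth + pkt[20:] + secret).digest()
    if not hmac.compare_digest(want, pkt[4:20]):
        raise ValueError("bad Response Authenticator")
    attrs, i = {}, 20
    while i < len(pkt):
        if i + 2 > len(pkt) or pkt[i + 1] < 2 or i + pkt[i + 1] > len(pkt):
            raise ValueError("bad attribute length")
        attrs[pkt[i]] = pkt[i + 2:i + pkt[i + 1]]
        i += pkt[i + 1]
    return pkt[0], attrs

def demo(secret=b"constructed-shared-secret"):  # every value here is constructed
    _, ra1 = build_request(1, b"alice", b"static-password", secret)
    challenge_attrs = attr(REPLY_MESSAGE, b"Enter one-time password") + attr(STATE, b"sess-42")
    chal = build_reply(ACCESS_CHALLENGE, 1, ra1, challenge_attrs, secret)
    code, attrs = parse_reply(chal, 1, ra1, secret)  # round 1 ends in a challenge
    req2, ra2 = build_request(2, b"alice", b"123456", secret, state=attrs[STATE])  # OTP + State
    code2, _ = parse_reply(build_reply(ACCESS_ACCEPT, 2, ra2, b"", secret), 2, ra2, secret)
    return code, attrs[REPLY_MESSAGE], req2, code2
```

A reply built with a different secret fails the authenticator check in `parse_reply`, which is why the Secret Key configured on the appliance must match the one on the RADIUS server.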
To add a RADIUS server
1. On the Configuration tab, under System, expand Authentication, and then click Radius.
2. In the details pane, click Add.
3. In the Create Radius Server dialogue box, type or select values for the parameters:
Name*— Name of the server.
IP Address*— Server IP address.
Port*— Port on which the RADIUS server is running. Default value: 1812.
Time-out*— Number of seconds the system will wait for a response from the RADIUS server. Default value: 3.
Secret Key*— Key shared between the client and the server. This information is required for communication between
the system and the RADIUS server.
Enable NAS IP Address Extraction—If enabled, the system's IP address (Management Service IP) is sent to the server
as the "nasip" in accordance with the RADIUS protocol.
NASID— If configured, this string is sent to the RADIUS server as the "nasid" in accordance with the RADIUS protocol.
Group Prefix— Prefix string that precedes group names within a RADIUS attribute for RADIUS group extraction.
Group Vendor ID— Vendor ID for using RADIUS group extraction.
Group Attribute Type— Attribute type for RADIUS group extraction.
Group Separator— Group separator string that delimits group names within a RADIUS attribute for RADIUS group
extraction.
IP Address Vendor Identifier— Vendor ID of the attribute in the RADIUS response that denotes the intranet IP. A value of 0
denotes that the attribute is not vendor encoded.
IP Address Attribute Type— Attribute type of the remote IP address attribute in a RADIUS response.
Password Vendor Identifier— Vendor ID of the password in the RADIUS response. Used to extract the user password.
Password Attribute Type— Attribute type of the password attribute in a RADIUS response.
Password Encoding— How passwords should be encoded in the RADIUS packets traveling from the system to the