Instruction manual

Chapter 2 Installation, Configuration and Management
2-72 NetScaler 9000 Series Installation and Configuration Guide - Volume 1
NSICG60_DEC04
In order to avoid these conflicts, keep in mind the command policy
search procedure and policy ordering when using groups to organize
your system users.
2.6.5 External Authentication for System Users
The NetScaler 9000 series supports the use of authentication policies for
establishing external authentication of configured system users. Simple
single-server configurations can be created with policies by binding an
authentication policy to the system global entity. In addition, a cascade of
authentication servers can be configured by binding multiple policies to
system global. If no authentication policies are bound to system users, system
users are authenticated by the NetScaler onboard system.
Note: System users must be configured on the NetScaler system before
external authentication can succeed for them. You must create an
onboard system user for all those users who are to access the system
in order to bind command policies to them. Regardless of
authentication source, system users cannot log in if they are not
granted minimally sufficient command authorization via bound
command policies.
2.6.5.1 Creating an Authentication Policy
With the NetScaler authentication system, RADIUS, LDAP, TACACS+, and
NT4 authentication systems are supported. For this example, a
RADIUS-based authentication server will be configured by the resulting policy.
If another server type is needed in your configuration, please refer to the
appropriate 'add authentication' command in the "NetScaler 9000 Series
Command Reference" for complete relevant command details. The
fundamental policy structure and creation procedure are the same regardless
of authentication server type.
The first element needed to construct an authentication policy is an
authentication action, which lists the server-specific parameters. For a
RADIUS server, the minimum parameters that the action must specify are the
server's IP address and the RADIUS key. The example here shows how to
create a RADIUS action.
> add authentication radiusaction NOC_RAD_Server -serverip 10.125.0.25 -radkey nocknock
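The rules in this section can be checked offline against a saved configuration. The following is an added example, not part of the NetScaler documentation: it flags RADIUS actions that lack the two minimum parameters, system users with no bound command policy (who cannot log in regardless of authentication source), and whether logins use external or onboard authentication. The `add system user`, `bind system user` and `bind system global` line forms, the names LAB_RAD_Server, NOC_RAD_Pol, alice, bob and read-only, and the `audit` function are assumptions made for illustration.

```python
import shlex

# Constructed sample configuration. Only the first line comes from the page;
# the other command forms and all other names are assumptions.
SAMPLE = """\
add authentication radiusaction NOC_RAD_Server -serverip 10.125.0.25 -radkey nocknock
add authentication radiusaction LAB_RAD_Server -serverip 10.125.0.26
bind system global NOC_RAD_Pol
add system user alice
add system user bob
bind system user alice read-only 1
"""

REQUIRED = {"-serverip", "-radkey"}  # minimum parameters for a RADIUS action


def audit(config):
    """Summarise the external-authentication posture of a config excerpt."""
    actions, users, bound_users, cascade = {}, set(), set(), []
    for raw in config.splitlines():
        tok = shlex.split(raw.lstrip("> "))  # tolerate a leading CLI prompt
        if len(tok) < 4:
            continue
        verb, kind = tok[0].lower(), " ".join(tok[1:3]).lower()
        if verb == "add" and kind == "authentication radiusaction":
            # Options follow the action name as "-name value" pairs.
            actions[tok[3]] = {k.lower(): v for k, v in zip(tok[4::2], tok[5::2])}
        elif verb == "add" and kind == "system user":
            users.add(tok[3])
        elif verb == "bind" and kind == "system user" and len(tok) >= 5:
            bound_users.add(tok[3])  # user has at least one command policy
        elif verb == "bind" and kind == "system global":
            cascade.append(tok[3])  # more than one entry forms a cascade
    return {
        "incomplete_actions": sorted(
            name for name, opts in actions.items() if not REQUIRED <= opts.keys()),
        # These users fail to log in whichever server authenticates them.
        "users_without_command_policy": sorted(users - bound_users),
        # With nothing bound to system global, the onboard system authenticates.
        "auth_source": "external" if cascade else "onboard",
        "cascade": cascade,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```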