Manualshelf

Instruction manual

ManualsBrandsCitrix Systems ManualsSwitch9000 Series
919293949596979899100
Chapter 2 Installation, Configuration and Management
NetScaler 9000 Series Installation and Configuration Guide - Volume 1 2-73
NSICG60_DEC04
Other parameters may be necessary depending on the target RADIUS server's
configuration. Please refer to the "NetScaler 9000 Series Command
Reference" for complete details on other parameters for adding a RADIUS
action.
Next, the policy itself can be created, tying it to the newly created action.
> add authentication radiuspolicy NOC_RAD_POL "ns_true"
NOC_RAD_Server
Note that you must also include an expression as part of the authentication
policy. For authentication policies, only the 'ns_true' policy expression is
supported.
2.6.5.2 Binding an Authentication Policy
Once the desired authentication policy is configured on the system, it must be
bound to the system global entity with a priority in order to have the policy
take effect.
> bind system global NOC_RAD_POL -priority 1
To create a cascade of authentication servers, all that is necessary is to create
the desired policies and then bind each of them to the system global entity. To
define the order of the cascade, bind the policies with increasing priority
values so that the first policy to be evaluated has the lowest priority value.
Note that the onboard NetScaler authentication system is always consulted
last in every user authentication process. Even in the case where only a single
user authentication policy is bound to system global, the user will be
authenticated against the onboard authentication mechanism if authentication
with the policy-defined server fails.
2.6.6 Configuring DNS on the NetScaler System
If you need to enable DNS lookups on your NetScaler 9000 system you will
need to do the following:
1. Execute the ‘shell’ command in the nscli.
2. Change to the /nsconfig directory with the ‘cd /nsconfig’ command.
3. Create a new file in this directory titled ‘resolv.conf’.
4. Open this file for editing using vi. Add a standard entry for a resolv.conf
file as shown in the example below. Substitute the correct nameserver IP
address and domain information for your network.