Restrict access to NetScaler Gateway for members of one Active Directory group
NetScaler Gateway supports two methods of restricting logon access.
- LDAP Search Filter – Only user names that match the LDAP Search Filter (for example, Active Directory group membership) can log on to NetScaler Gateway.
- Groups allowed to log on in a NetScaler Gateway session policy or profile – This method supports multiple Active Directory groups. For details see https://support.citrix.com/article/CTX125797.
This article describes the LDAP Search Filter method.
Overview
When a user enters the credentials on the logon page of the NetScaler Gateway virtual server and presses ENTER, the appliance first searches the Active Directory (LDAP) for the user name. If an LDAP Search Filter is not defined in the LDAP policy or the server, then the appliance searches all Active Directory user names for a match. Once a match is found, the appliance then pulls the user’s full Distinguished Name (DN) and uses the user’s DN and password to authenticate to the Active Directory.
If an LDAP Search Filter is defined, then only user names that match the LDAP Search Filter are searched for a user name match. For example, if the LDAP Search Filter is constructed to only search members of an Active Directory group, then the user name entered by the user must match the members of the group.
Prerequisites
The NetScaler Gateway virtual server must be configured for LDAP authentication.
Steps to configure an LDAP Search Filter for members of one Active Directory group
- Determine the Active Directory group that has access permission, and get its full Distinguished Name.
  An easy way to get the full Distinguished Name of the group is through Active Directory Users and Computers.
  - In Active Directory Users and Computers, from the View menu, enable Advanced Features.
  - Browse the tree to the group object, right-click it, and then click Properties.
    Note: You cannot use Find. Instead, you must navigate through the tree to find the object.
  - On the right, switch to the Attribute Editor tab.
    This tab is only visible if Advanced Features are enabled and you have not used the Find feature.
  - Scroll down to distinguishedName, double-click it, and then copy it to the clipboard.
- In the NetScaler Gateway GUI, navigate to NetScaler Gateway > Virtual Servers.
- Select an existing NetScaler Gateway virtual server and click Edit.
- In the Basic Authentication section, click LDAP Policies.
- Right-click an existing LDAP policy, and click Edit Server.
- In the Other Settings section, in the Search Filter field, type memberOf= and then paste the Distinguished Name of the Active Directory group after the equals sign (=).
  An example Search Filter is the following: memberOf=CN=Citrix Remote,OU=Citrix,DC=corp,DC=local
  Note: By default, NetScaler only searches for user names that are direct members of the Active Directory group. If you want to search nested groups, then add the Microsoft OID :1.2.840.113556.1.4.1941: to the LDAP Search Filter. The OID is inserted between memberOf and =.
  Example: memberOf:1.2.840.113556.1.4.1941:=CN=Citrix Remote,OU=Citrix,DC=corp,DC=local
- Click OK.
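The following is an added example, not Citrix code: it builds the Search Filter text from a group DN (escaping the characters RFC 4515 reserves, which matters when a group name contains parentheses, an asterisk or a backslash) and models which users match the direct filter versus the nested-group filter. The Helpdesk group, the user DNs and the `matches()` helper are constructed for illustration; `matches()` is a local model, not a query against Active Directory or the appliance.

```python
# Added example (not Citrix code): build the Search Filter text and model
# direct vs. nested group matching on constructed directory data.
IN_CHAIN_OID = "1.2.840.113556.1.4.1941"  # OID shown in the note above

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

GROUP = "CN=Citrix Remote,OU=Citrix,DC=corp,DC=local"  # example DN from the page
HELPDESK = "CN=Helpdesk,OU=Citrix,DC=corp,DC=local"    # constructed

# Constructed directory: object DN -> its direct memberOf values.
DIRECTORY = {
    "CN=alice,OU=Users,DC=corp,DC=local": [GROUP],
    "CN=bob,OU=Users,DC=corp,DC=local": [HELPDESK],
    "CN=carol,OU=Users,DC=corp,DC=local": [],
    HELPDESK: [GROUP],  # Helpdesk is nested inside Citrix Remote
}


def build_search_filter(group_dn, nested=False):
    """Return the text for the Search Filter field (no outer parentheses)."""
    escaped = "".join(_ESCAPES.get(ch, ch) for ch in group_dn)
    rule = f":{IN_CHAIN_OID}:" if nested else ""
    return f"memberOf{rule}={escaped}"


def matches(user_dn, group_dn, nested=False, directory=DIRECTORY):
    """True if user_dn would match the filter: direct membership only,
    or any depth of nesting when nested=True (cycle-safe walk)."""
    target, seen, stack = group_dn.lower(), set(), [user_dn]
    while stack:
        for parent in directory.get(stack.pop(), []):
            if parent.lower() == target:
                return True
            if nested and parent not in seen:
                seen.add(parent)
                stack.append(parent)
    return False


if __name__ == "__main__":
    print(build_search_filter(GROUP))
    print(build_search_filter(GROUP, nested=True))
    for user in ("alice", "bob", "carol"):
        dn = f"CN={user},OU=Users,DC=corp,DC=local"
        print(user, matches(dn, GROUP), matches(dn, GROUP, nested=True))
```

In this model, bob (a member only through the nested Helpdesk group) is rejected by the direct filter and accepted by the nested one, so switching to the OID form widens who can log on.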