NetScaler Insight Center 10.5 introduced the ability to configure alternate forms of authentication, such as RADIUS, LDAP, and TACACS. Using alternate authentication sources can ease administration of NetScaler Insight Center and provide a more robust solution for those looking to get the most out of their investment in NetScaler Insight Center.
To configure external authentication, log in to NetScaler Insight Center as an administrator (nsroot/nsroot by default).
Click the authentication type. We’ll be using LDAP to authenticate directly to Active Directory.
Fill in the required parameters. The “base DN” can begin at the domain root, as shown here. You can optionally configure LDAPS over port 636 if your organizational policies require it.
Now that an LDAP server is configured, we must specify the group names and roles. Click User Administration, Groups, then Add.
Add a group with the same name as one in Active Directory. Users must be direct members of that group if you did not configure nested group extraction.
Finally, we enable authentication by clicking “Authentication”, then “Authentication Configuration”, and changing the server type to “LDAP”.
If you need to troubleshoot external authentication in NetScaler Insight Center, use an SSH client to connect to the appliance, then use “cat /tmp/aaad.debug” in shell mode.
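The direct-membership rule from the group step can be modelled offline when a user authenticates but receives no role. This is an added example, not code from the original article or from Citrix. The sample directory, the DNs, and the assumption that group names come from the CN of each memberOf value and are compared exactly are illustrative assumptions.

```python
import re

# Constructed sample data: object DN -> its memberOf values (not a real domain).
DIRECTORY = {
    "CN=Alice,OU=Staff,DC=example,DC=local": ["CN=Insight-Admins,OU=Groups,DC=example,DC=local"],
    "CN=Bob,OU=Staff,DC=example,DC=local": ["CN=Network Team,OU=Groups,DC=example,DC=local"],
    "CN=Network Team,OU=Groups,DC=example,DC=local": ["CN=Insight-Admins,OU=Groups,DC=example,DC=local"],
    "CN=Insight-Admins,OU=Groups,DC=example,DC=local": [],
}

def first_cn(dn):
    """Return the CN of the leftmost RDN, honouring backslash-escaped commas."""
    rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
    attr, _, value = rdn.partition("=")
    if attr.strip().lower() != "cn":
        return None
    return re.sub(r"\\(.)", r"\1", value.strip())  # unescape "\," to ","

def group_names(user_dn, directory, nested=False):
    """Group CNs for user_dn; nested=True also walks groups that contain groups."""
    found, seen = set(), set()
    queue = list(directory.get(user_dn, []))
    while queue:
        group_dn = queue.pop()
        key = group_dn.lower()
        if key in seen:  # guards against circular group nesting
            continue
        seen.add(key)
        cn = first_cn(group_dn)
        if cn:
            found.add(cn)
        if nested:
            queue.extend(directory.get(group_dn, []))
    return found

def is_authorized(user_dn, local_group, directory, nested=False):
    """True if the locally defined group name equals one of the user's AD group CNs.

    Exact comparison is an assumption; the article only says the names must be the same.
    """
    return local_group in group_names(user_dn, directory, nested)

if __name__ == "__main__":
    for user in ("CN=Alice,OU=Staff,DC=example,DC=local", "CN=Bob,OU=Staff,DC=example,DC=local"):
        for nested in (False, True):
            print(user, "nested" if nested else "direct", is_authorized(user, "Insight-Admins", DIRECTORY, nested))
```

Bob reaches Insight-Admins only through Network Team, so he matches the local group only when nested resolution is enabled.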