February 3, 2016

Enabling External Authentication in NetScaler Insight Center 10.5

NetScaler Insight Center 10.5 introduced the ability to configure alternate forms of authentication, such as RADIUS, LDAP, and TACACS.  Using alternate authentication sources can ease administration of NetScaler Insight Center and provide a more robust solution for those looking to get the most out of their investment in NetScaler Insight Center.

To configure external authentication, log in to NetScaler Insight Center as an administrator (nsroot/nsroot by default).

Click the authentication type.  We’ll be using LDAP to authenticate directly to Active Directory.

Click “Add”.

Fill in the required parameters.  The “base DN” can begin at the domain root, as shown here.  You can optionally configure LDAPS over port 636 if your organizational policies require it.

Now that an LDAP server is configured, we must specify the group names and roles.  Click User Administration, Groups, then Add.

Add a group with the same name as one in Active Directory.  Users must be direct members of that group if you did not configure nested group extraction.

Finally, we enable authentication by clicking “Authentication” then “Authentication Configuration” and changing the server type to “LDAP”.

If you need to troubleshoot external authentication in NetScaler Insight Center, use an SSH client to connect to the appliance, then use “cat /tmp/aaad.debug” in shell mode.
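
When a login fails after this setup, one cause to rule out is the direct-membership requirement noted above. The following is an added example, not part of the original post and not Citrix code: given each entry's memberOf values, it reports whether a user reaches the Insight Center group directly, only through nesting (which does not count without nested group extraction), or not at all. The DNs, group names and function names are constructed for illustration.

```python
import re
from collections import deque

# Constructed sample data: entry DN -> values of its memberOf attribute
# (AD lists only direct memberships there). All names are hypothetical.
GROUPS = "OU=Groups,DC=example,DC=local"
STAFF = "OU=Staff,DC=example,DC=local"
SAMPLE_MEMBER_OF = {
    f"CN=alice,{STAFF}": [f"CN=Insight-Admins,{GROUPS}"],
    f"CN=bob,{STAFF}": [f"CN=Network-Team,{GROUPS}"],
    f"CN=carol,{STAFF}": [f"CN=Helpdesk,{GROUPS}"],
    f"CN=Network-Team,{GROUPS}": [f"CN=Insight-Admins,{GROUPS}"],
    # Circular nesting is possible in AD; the walk below must terminate.
    f"CN=Insight-Admins,{GROUPS}": [f"CN=Network-Team,{GROUPS}"],
}


def group_cn(dn):
    """Return the value of the leading CN= component of a DN, or ''."""
    first_rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
    attr, _, value = first_rdn.partition("=")
    return value.strip() if attr.strip().upper() == "CN" else ""


def membership(user_dn, group_name, member_of):
    """Classify how user_dn reaches group_name: 'direct', 'nested' or 'none'."""
    direct = member_of.get(user_dn, [])
    # Exact comparison: the page says the group name must be the same as in AD.
    if any(group_cn(g) == group_name for g in direct):
        return "direct"
    seen, queue = set(direct), deque(direct)
    while queue:  # breadth-first walk up the nesting chain
        for parent in member_of.get(queue.popleft(), []):
            if group_cn(parent) == group_name:
                return "nested"
            if parent not in seen:
                seen.add(parent)
                queue.append(parent)
    return "none"


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        result = membership(f"CN={user},{STAFF}", "Insight-Admins", SAMPLE_MEMBER_OF)
        print(f"{user}: {result}")
```

A result of "nested" means the account is in the right group only indirectly, so either add it to the group directly or configure nested group extraction on the LDAP server entry.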
