How to Enable the Change Password Option For Citrix Gateway Users

Article ID: CTX219939

Updated On:

Description

Changing a Citrix Gateway user’s password can be either forced or user initiated. To force a change, use the procedure for changing the password of an AAA-TM user,

If you enable user-initiated password change, the Change Password option appears in the top-right corner of the portal page after a user logs on.

Use case

Citrix Gateway users would like the option to change their own passwords, without depending on an administrator.

Prerequisites

Before giving users the option to change their passwords, make sure that:

  • The basic Active Directory authentication is configured.

  • Access to LDAP and Active Directory uses SSL (port 636). Active Directory only accepts password changes over an encrypted connection, so an LDAPS connection is required for the option to work.

  • A Citrix Gateway virtual server is configured and bound to the LDAP policy.


Instructions

ADC GUI

To enable the change password option for Citrix Gateway users by using the NetScaler GUI:

  1. From the ADC Configuration tab, navigate to Citrix Gateway > Virtual Servers and select the VPN virtual server for which to set the Change Password option.

  2. In the Basic Authentication section, click LDAP Policy.

  3. Select the LDAP Policy that you want to edit, and from the Select Action list, select Edit Server.

  4. Scroll down to Other Settings and select the Allow Password Change check box.

  5. Log on to the Citrix Gateway virtual server that you configured, and verify that the Change Password option appears at the top right of the screen.

ADC CLI

Enable the change password option for Citrix Gateway users using the command line:

  1. Open an SSH client and log on to the ADC appliance:
    ssh nsroot@<NetScaler IP>

  2. At the command prompt, enter the following command:
    set authentication ldapaction <LdapServerName> passwdChange ENABLED

  3. Enter show authentication ldapaction <LdapServerName> and verify the configuration.

Issue/Introduction

This article describes how to enable the change password option for Citrix Gateway users.

Additional Information

Troubleshooting

  1. When a user whose password has expired tries to log on, Citrix Gateway presents a prompt to change the password. This prompt is served under the path https://FQDN/cgi/login.


  2. In aaad.debug you may see the event logged in different formats, but the message will contain the code 773, which is the Active Directory sub-code that signals the password must be changed. The following are two examples of how these messages can appear:
    Example 1: ns_show_ldap_err_string LDAP error string: <<80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 773, v2580>>
    Example 2: receive_ldap_user_search_event expired AD password detected delaying update until user bind sends dos code 0x773
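As an added example (not from the article), the following script scans aaad.debug lines for the Active Directory sub-code in either of the two formats shown above. It goes beyond the article's 773 case by also labelling the other standard AcceptSecurityContext "data" codes; the sample log is constructed from the two lines above plus one invalid-credentials line.

```python
import re
from typing import List, Optional, Tuple

# Active Directory AcceptSecurityContext sub-codes (the hex "data NNN" field in an
# LdapErr string). 773 (ERROR_PASSWORD_MUST_CHANGE) is the code the article discusses;
# the others are the standard companions seen in the same kind of bind error.
AD_BIND_DATA_CODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must change password at next logon",
    "775": "account locked out",
}

# Format 1: the LDAP error string forwarded by aaad ("... error, data 773, v2580").
_LDAPERR_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")
# Format 2: aaad's own message ("... sends dos code 0x773").
_DOS_RE = re.compile(r"dos code 0x([0-9a-fA-F]+)")


def ad_bind_code(line: str) -> Optional[str]:
    """Return the AD sub-code (lower-case hex) found in an aaad.debug line, or None."""
    for rx in (_LDAPERR_RE, _DOS_RE):
        m = rx.search(line)
        if m:
            return m.group(1).lower()
    return None


def password_change_required(line: str) -> bool:
    """True when the line carries the 773 'must change password' sub-code."""
    return ad_bind_code(line) == "773"


def summarize(log: str) -> List[Tuple[int, str, str]]:
    """(line number, code, meaning) for every line that carries an AD sub-code."""
    out = []
    for n, line in enumerate(log.splitlines(), 1):
        code = ad_bind_code(line)
        if code is not None:
            out.append((n, code, AD_BIND_DATA_CODES.get(code, "unknown AD sub-code")))
    return out


# Constructed aaad.debug excerpt: lines 1-2 are the article's examples, line 3 is a made-up
# invalid-credentials bind for contrast, line 4 is noise.
SAMPLE_LOG = """\
ns_show_ldap_err_string LDAP error string: <<80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 773, v2580>>
receive_ldap_user_search_event expired AD password detected delaying update until user bind sends dos code 0x773
ns_show_ldap_err_string LDAP error string: <<80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580>>
process_kernel_socket recv len 128
"""

if __name__ == "__main__":
    for n, code, meaning in summarize(SAMPLE_LOG):
        print(f"line {n}: data {code} -> {meaning}")
```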