This article describes how to configure Radius Group Extraction from Windows Server 2008/2012 with NetScaler.
Prerequisites
=============
-- Network connectivity between NetScaler and Radius server on UDP Port 1812 (it can be a custom port).
-- Radius client configuration on the Radius server.
-- Network policy configuration on Radius server.
Below are the steps for Group Extraction from the Radius Server:
Step 1
==========
-- Open the Network policy on the Radius server.
-- Go to the Settings tab and select Vendor Specific.
Step 2
========
Click Add to add a vendor-specific attribute, select Vendor-Specific, and select RADIUS Standard as the Vendor.
Step 3
===========
In the next dialog box, add the Attribute Information: click Add.
Step 4
==========
Select Enter Vendor Code and enter the Vendor Code as 3845 (applicable for all Citrix products).
Also select "Yes. It conforms".
Step 5
===========
-- Click on Configure Attribute.
-- In the Vendor-Attribute number you may specify any number; however, it should match the Attribute number specified in the Radius Profile on NetScaler/Cloudbridge. Here it is set to 1.
-- Set the attribute Format to 'String'.
-- In the Attribute Value, specify the group name you want to be extracted for the users.
User Properties
===============
NetScaler Configuration
=======================
Configure the Radius Authentication Server as below.
-- Specify the Group Vendor Identifier as 3845.
-- Configure the Group Attribute Type field as 1 (as specified in the Radius config).
Verification in aaad.debug logs
===============================
Verification in nstrace
=======================
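When reading a trace, the group appears in the Access-Accept as a Vendor-Specific attribute (type 26) carrying Vendor-Id 3845 and vendor attribute number 1. The Python below is an added example, not part of the original article or any Citrix tooling; it decodes that attribute per RFC 2865 from a constructed packet (the function names and the group name VPN-Users are assumptions).

```python
import struct

ACCESS_ACCEPT = 2      # RADIUS code for Access-Accept (RFC 2865)
VENDOR_SPECIFIC = 26   # attribute type that carries vendor-specific data

def extract_groups(packet, vendor_id=3845, vendor_type=1):
    """Return (code, [values]) for VSAs matching vendor_id / vendor_type."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("RADIUS length field does not fit the packet")
    groups, pos = [], 20   # attributes start after the 16-byte authenticator
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        value, pos = packet[pos + 2:pos + alen], pos + alen
        if atype != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != vendor_id:
            continue
        sub, i = value[4:], 0
        # RFC-conformant layout: vendor-type, vendor-length, data (repeatable)
        while i + 2 <= len(sub):
            vtype, vlen = sub[i], sub[i + 1]
            if vlen < 2 or i + vlen > len(sub):
                break
            if vtype == vendor_type:
                groups.append(sub[i + 2:i + vlen].decode("utf-8", "replace"))
            i += vlen
    return code, groups

def build_accept(group, vendor_id=3845, vendor_type=1):
    """Constructed Access-Accept with one VSA; authenticator is zeroed."""
    data = group.encode()
    sub = bytes([vendor_type, len(data) + 2]) + data
    vsa = bytes([VENDOR_SPECIFIC, len(sub) + 6]) + struct.pack("!I", vendor_id) + sub
    header = struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(vsa))
    return header + bytes(16) + vsa

if __name__ == "__main__":
    pkt = build_accept("VPN-Users")            # constructed sample, not a capture
    print(extract_groups(pkt))                 # profile set to 3845 / 1
    print(extract_groups(pkt, vendor_type=2))  # mismatched attribute number
```

An empty list for the mismatched attribute number corresponds to the case where the number in the NetScaler Radius profile differs from the one configured on the Radius server.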
https://docs.citrix.com/en-us/netscaler-gateway/10-1/ng-configuration-mgmt-wrapper-con/ng-authen-authoriz-wrapper-con/ng-authorize-config-con/ng-authorize-radius-group-extraction-con.html