This article describes how to enable NetScaler Gateway to send RADIUS Accounting Start and Stop messages to a RADIUS server, whenever an ICA session starts and ends.

Background

RADIUS accounting messages are useful in recording user’s connection information like Username, the duration user had an active session, reason for connection termination and so on. This information is sent in the form accounting Start message, when a user successfully logs into NetScaler Gateway vserver and an accounting stop message whenever a user connection terminates. From release 12.0 onwards, NetScaler Gateway can also send another Radius Accounting Start message whenever a user launches an ICA session (XenDesktop or XenApp) and send an accounting Stop message whenever an ICA session terminates. This could be helpful to calculate the time duration each user is using Citrix XA/XD resources. The accounting message contains a unique ID of the user like Username, Domain and Session time to name a few.



Prerequisites

It is assumed that following configuration are in place.

• NetScaler Gateway configuration
• NetScaler Gateway and StoreFront Integration
• Radius accounting policy pointing to radius accounting server

Instructions

To enable RADIUS accounting support for ICA session on NetScaler Gateway using GUI:

To enable RADIUS accounting support for ICA session on NetScaler Gateway using CLI:
set vpn parameter -icaUserAccounting Radius_accounting

• The above configuration enables radius accounting on all the VPN vservers
• Starting with 12.0, NetScaler Gateway can be configured with separate authentication and accounting RADIUS servers.

How to configure Radius Accounting Policy: https://docs.citrix.com/en-us/netscaler-gateway/11/authentication-authorization/configure-radius/ng-radius-user-accounting-tsk.html