[Citrix Gateway Trace Study] – LDAP Authentication

Article ID: CTX233027

Description

This trace study looks at how LDAP authentication to the Citrix Gateway works, using a user called "garyca" as an example.

This example trace was carried out in a practice lab environment with the following IP addresses:
  • VIP: 10.90.33.172
  • NSIP: 10.90.41.200
  • SNIP: 192.168.0.2
  • LDAP/AD server: 192.168.0.1 (port 389)

Instructions

The client enters credentials; this is a POST from 10.90.41.87 to 10.90.33.172:

The ADC sends a bind request to the LDAP/AD server. Authentication leaves from the NSIP. In this environment the LDAP/AD server is on a subnet that is unreachable from the NSIP, so the SNIP is used:

The bind details are visible inside the trace:

Highlighting “simple: 636974726978” will show the unencoded password (citrix):

Bind details are accepted:

A search request is submitted for user “garyca”:

User found, a response is received:

Bind request to authenticate user:

Password:
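
The bind requests in this trace carry the password in the BindRequest's "simple" authentication field, and the LDAP/AD server is reached on port 389, which is why the octets are readable in the capture. The following is an added example (not part of the original article) that parses an LDAP BindRequest payload and flags simple binds carrying a password, reporting only its length; the bind DN and the function names are assumptions, and the sample bytes are constructed around the octets shown in the trace.

```python
# Added example: minimal BER reader for an LDAP BindRequest (RFC 4511 layout).
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one BER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = count of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def parse_bind_request(payload):
    """Describe a BindRequest; return None for any other LDAP operation."""
    tag, message, _ = read_tlv(payload, 0)
    if tag != 0x30:                         # LDAPMessage ::= SEQUENCE
        raise ValueError("not an LDAPMessage")
    _, msg_id, pos = read_tlv(message, 0)   # messageID INTEGER
    op_tag, op, _ = read_tlv(message, pos)
    if op_tag != 0x60:                      # [APPLICATION 0] BindRequest
        return None
    _, version, pos = read_tlv(op, 0)
    _, name, pos = read_tlv(op, pos)        # bind DN
    auth_tag, auth, _ = read_tlv(op, pos)
    simple = auth_tag == 0x80               # [0] simple; 0xA3 would be [3] sasl
    return {
        "message_id": int.from_bytes(msg_id, "big"),
        "version": version[0],
        "dn": name.decode("utf-8", "replace"),
        "simple": simple,
        # Report the length only, so the detector never logs the secret itself.
        "secret_len": len(auth) if simple else None,
        "cleartext_secret": simple and len(auth) > 0,
    }

def tlv(tag, value):
    """Encode a short-form TLV (sample construction only, value < 128 bytes)."""
    return bytes([tag, len(value)]) + value

# Constructed sample: hypothetical DN; password octets are the ones shown in the trace.
SAMPLE_DN = b"cn=binduser,dc=example,dc=local"
SAMPLE = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, tlv(0x02, b"\x03")
             + tlv(0x04, SAMPLE_DN) + tlv(0x80, bytes.fromhex("636974726978"))))

if __name__ == "__main__":
    print(parse_bind_request(SAMPLE))
```

Run against the TCP payload of each LDAP packet in a capture, a `cleartext_secret` result of True marks a bind whose password is readable to anyone who can see that traffic.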

Success response and unbind from LDAP:

User is redirected to /cgi/setclient?wica for the next stage of the login process:

Issue/Introduction

This trace study looks at how LDAP authentication to the NetScaler Gateway works, using a user called "garyca" as an example.

Additional Information

CTX108876 - How to Configure LDAP Authentication on NetScaler or NetScaler Gateway
CTX114999 - How to Troubleshoot Authentication Issues Through NetScaler or NetScaler Gateway with aaad.debug Module