This article describes how to use external authentication on NetScaler and fall back to local authentication if external authentication fails.
Instructions
Step 1:
Disable “Local authentication” under global system settings parameters
CLI:
set system parameter -localAuth DISABLED
GUI:
System > Settings > Change Global system settings

Step 2:
Create an LDAP policy and bind it to System Global with priority 100.
Create a LOCAL policy and bind it to System Global with priority 110.

Step 3:
Add to the NetScaler the management user whose requests should fall back to local authentication if the external server fails.

Bind the appropriate command policy to user1.

user1 is only in local database (ADC db)
user2 is on LDAP and local
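Steps 1 to 3 as one NetScaler CLI sequence. This is an added example, not taken from the original article. The LDAP server address, base DN, bind account, the object names (ldap_act, ldap_pol, local_pol) and the angle-bracket values are placeholders and assumptions; the priorities 100 and 110 and the user name user1 come from the steps above.

```netscaler
# Step 1: disable implicit local authentication
set system parameter -localAuth DISABLED

# Step 2a: LDAP action and policy, bound globally at priority 100
# (server IP, base DN and bind account are placeholder values)
add authentication ldapAction ldap_act -serverIP 192.0.2.10 -serverPort 636 -secType SSL -ldapBase "dc=example,dc=com" -ldapBindDn "svc-adc@example.com" -ldapBindDnPassword <bind-password> -ldapLoginName sAMAccountName
add authentication policy ldap_pol -rule true -action ldap_act
bind system global ldap_pol -priority 100

# Step 2b: LOCAL policy, bound globally at priority 110 so it is
# evaluated only after the LDAP policy at priority 100
add authentication policy local_pol -rule true -action LOCAL
bind system global local_pol -priority 110

# Step 3: local management user and its command policy
# (choose the least-privileged command policy that fits the role)
add system user user1 <password>
bind system user user1 <command-policy> <priority>

# Check the resulting global bindings and their priorities
show system global
```

Because the LOCAL policy is tried whenever LDAP rejects a login, the password of every account in the local database needs the same strength as the directory accounts.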

We can validate the authentication flow in the aaad.debug logs.
For user1, LDAP rejected the user and authentication then fell back to the local database.

For user2, the request went to the LDAP server first and authentication succeeded.