We can use the following responder policy to require users to log in with the domain\username format instead of a bare username.
add responder policy loginNoDomain-rep-pol "AAA.LOGIN.USERNAME.LENGTH.GT(0)&&AAA.LOGIN.USERNAME.SET_TEXT_MODE(IGNORECASE).STARTSWITH(\"<your_domain>\").NOT" RESET
=> replace "<your_domain>" with the real domain name
bind vpn vserver <vserver_name> -policy loginNoDomain-rep-pol -priority 100 -gotoPriorityExpression END -type AAA_REQUEST
=> replace <vserver_name> with the real vserver name
If there are multiple domains, we can use a patset that contains all of them.
add policy patset LoginDomains
bind policy patset LoginDomains mydomain1
bind policy patset LoginDomains mydomain2
=> replace mydomain1 and mydomain2 with the real domains
add responder policy loginNoDomain-rep-pol "AAA.LOGIN.USERNAME.LENGTH.GT(0)&&AAA.LOGIN.USERNAME.SET_TEXT_MODE(IGNORECASE).STARTSWITH_ANY(\"LoginDomains\").NOT" RESET
bind vpn vserver <vserver_name> -policy loginNoDomain-rep-pol -priority 100 -gotoPriorityExpression END -type AAA_REQUEST
=> replace <vserver_name> with the real vserver name
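The expression can be checked against sample usernames before the policy is bound. The following Python model is an added example, not Citrix code: it reproduces the expression's logic (length check, case-insensitive prefix match, negation) using the placeholder domains mydomain1 and mydomain2 and constructed usernames.

```python
# Added example: a model of the responder expression, not NetScaler code.
# Domains are the page's placeholders; all usernames are constructed samples.

LOGIN_DOMAINS = ["mydomain1", "mydomain2"]  # contents of the LoginDomains patset


def policy_hits(username, patterns=LOGIN_DOMAINS):
    """Return True when the expression is true, i.e. the RESET action fires.

    Mirrors: LENGTH.GT(0) && SET_TEXT_MODE(IGNORECASE).STARTSWITH_ANY(...).NOT
    """
    if len(username) == 0:           # AAA.LOGIN.USERNAME.LENGTH.GT(0) is false
        return False
    name = username.lower()          # SET_TEXT_MODE(IGNORECASE)
    starts = any(name.startswith(p.lower()) for p in patterns)
    return not starts                # .NOT


def audit(usernames, patterns=LOGIN_DOMAINS):
    """Map each sample username to 'RESET' or 'allowed'."""
    return {u: "RESET" if policy_hits(u, patterns) else "allowed"
            for u in usernames}


SAMPLES = [
    "mydomain1\\alice",    # domain\username: allowed
    "MYDOMAIN2\\Bob",      # different case: still allowed
    "alice",               # bare username: reset
    "alice@mydomain1",     # domain is not the prefix: reset
    "otherdomain\\carol",  # domain not in the patset: reset
    "mydomain1alice",      # no backslash, but the prefix matches: allowed
    "",                    # empty username: length check fails, no reset
]

if __name__ == "__main__":
    for user, verdict in audit(SAMPLES).items():
        print(f"{user!r:24} {verdict}")
    # Patterns ending in the separator make the prefix test require "domain\".
    strict = [d + "\\" for d in LOGIN_DOMAINS]
    print(audit(["mydomain1alice", "mydomain1\\alice"], strict))
```

Because the match is a prefix test, a value such as mydomain1alice is not reset unless the pattern itself ends with the backslash separator.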
To roll back, we can use the following command.
unbind vpn vserver <vserver_name> -policy loginNoDomain-rep-pol -type AAA_REQUEST
This article describes the steps to require users to log in using the domain\username format. If a user tries to log in with a bare username, the login is blocked.