How to append domain\samAccountName Radius client
Article ID: CTX232089
Description
NetScaler accepts only the SAM account name for authentication with the RADIUS client, i.e. RADIUS is the primary authentication on NetScaler and no LDAP virtual server exists.
If the user enters only the samAccountName, authentication fails with RADIUS. The RADIUS server is Microsoft NPS & Azure cloud. The NPS server is in a different domain from the user's domain.
Instructions
- Create an authentication profile with a new authentication virtual server (non-addressable) bound to it.
- Bind the authentication profile to the NetScaler Gateway virtual server.
- Create and bind a login schema and an advanced no_auth authentication policy as per the document https://support.citrix.com/article/CTX226488 for the EULA.
- The next factor policy label for the above policy should have the following:
  - The login schema will be “SingleAuth.xml”.
  - Bind a NO_AUTH policy to it with the expression HTTP.REQ.URL.CONTAINS("/nf/auth/doAuthentication.do") and profile “NO_AUTHN”.
- The next factor policy label for the above will be for RADIUS, with the following:
  - Login schema for RADIUS with username prefilled: set the user expression in this policy label as "domain\\"+http.req.user.name
  - Set the policy in this policy label as the RADIUS policy configured.
- Click OK and Done.
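The same factor chain written as NetScaler CLI commands, as an added example that is not part of the Citrix article. Object names, the 192.0.2.10 server address and every `<...>` value are placeholders; using the built-in PrefilUserFromExpr.xml file for the "username prefilled" schema is an assumption, and the EULA policy is whatever was created per CTX226488.

```text
# Constructed example: all names, addresses and <...> values are placeholders.

# Non-addressable authentication vserver, profile, and binding to the Gateway vserver
add authentication vserver aaa_nfactor_vs SSL 0.0.0.0
add authentication authnProfile nfactor_prof -authnVsName aaa_nfactor_vs
set vpn vserver <gateway_vserver> -authnProfile nfactor_prof

# RADIUS (Microsoft NPS) action and the policy used in the last factor
add authentication radiusAction radius_nps -serverIP 192.0.2.10 -radKey <shared_secret>
add authentication Policy radius_pol -rule true -action radius_nps

# Credential form for the factor after the EULA
add authentication loginSchema single_auth_ls -authenticationSchema "/nsconfig/loginschema/LoginSchema/SingleAuth.xml"

# RADIUS factor schema: user expression "domain\\"+http.req.user.name from the article,
# escaped for the CLI (\" for each quote, \\\\ for the two backslashes).
# Replace "domain" with the user's domain name. Schema file choice is an assumption.
add authentication loginSchema radius_prefill_ls -authenticationSchema "/nsconfig/loginschema/LoginSchema/PrefilUserFromExpr.xml" -userExpression "\"domain\\\\\"+HTTP.REQ.USER.NAME"

# NO_AUTHN policy that fires when the SingleAuth form is submitted
add authentication Policy creds_noauth_pol -rule "HTTP.REQ.URL.CONTAINS(\"/nf/auth/doAuthentication.do\")" -action NO_AUTHN

# Last factor: RADIUS, receiving domain\samAccountName
add authentication policylabel radius_factor -loginSchema radius_prefill_ls
bind authentication policylabel radius_factor -policyName radius_pol -priority 100 -gotoPriorityExpression END

# Middle factor: collect credentials, then hand over to the RADIUS factor
add authentication policylabel creds_factor -loginSchema single_auth_ls
bind authentication policylabel creds_factor -policyName creds_noauth_pol -priority 100 -gotoPriorityExpression NEXT -nextFactor radius_factor

# First factor: EULA login schema and no_auth policy created per CTX226488,
# bound to the authentication vserver with the credential factor as next factor
bind authentication vserver aaa_nfactor_vs -policy <eula_loginschema_policy> -priority 100 -gotoPriorityExpression END
bind authentication vserver aaa_nfactor_vs -policy <eula_noauth_policy> -priority 100 -nextFactor creds_factor -gotoPriorityExpression NEXT

# Check that the stored user expression matches the one in the article
show authentication loginSchema radius_prefill_ls
```

After a test logon, the User-Name attribute logged by NPS for the request should read domain\samAccountName rather than the bare samAccountName.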
Issue/Introduction
How to append the domain to the samAccountName as "domain\samAccountName" before sending it to the RADIUS client