Citrix NetScaler Administration Guide

4.Use the procedure described in Binding Command Policies to Users and Groups on page 31 to bind the read_all command policy to the SysOps group, with priority value 1.

5.Use the procedure described in Binding Command Policies to Users and Groups on page 31 to bind the modify_lb command policy to user michaelb, with priority value 5.

The configuration you just created results in the following:

wJohn Doe, the IT manager, has read-only access to the entire NetScaler configuration, but he cannot make modifications.

wMaria Ramirez, the IT lead, has near-complete access to all areas of the NetScaler configuration, having to log on only to perform NetScaler-level commands.

wMichael Baldrock, the IT administrator responsible for load balancing, has read-only access to the NetScaler configuration, and can modify the configuration options for load balancing.

The set of command policies that applies to a specific user is a combination of command policies applied directly to the user's account and command policies applied to the group(s) of which the user is a member.

Each time a user enters a command, the operating system searches the command policies for that user until it finds a policy with an ALLOW or DENY action that matches the command. When it finds a match, the operating system stops its command policy search and allows or denies access to the command.

If the operating system finds no matching command policy, it denies the user access to the command, in accordance with the NetScaler appliance's default deny policy.

Note: When placing a user into multiple groups, take care not to cause unintended user command restrictions or privileges. To avoid these conflicts, when organizing your users in groups, bear in mind the NetScaler command policy search procedure and policy ordering rules.

Configuring External User Authentication

External user authentication is the process of authenticating the users of the Citrix® NetScaler® appliance by using an external authentication server. The NetScaler supports LDAP, RADIUS, TACACS+, and NT4 authentication servers. To configure external user authentication, you must create authentication policies. You can configure one or many authentication policies, depending on your authentication needs. An authentication policy consists of an expression and an action. Authentication policies use NetScaler classic expressions, which are described in detail in the Citrix NetScaler Policy Configuration and Reference Guide at http://support.citrix.com/article/ CTX128673.

After creating an authentication policy, you bind it to the system global entity and assign a priority to it. You can create simple server configurations by binding a single authentication policy to the system global entity. Or, you can configure a cascade of authentication servers by binding multiple policies to the system global entity. If no

37

Page 36 Page 38
Page 37
Image 37
Citrix Systems CITRIX NETSCALER 9.3 manual Configuring External User Authentication
Page 36 Page 38
Top Page Image Contents