Chapter 1 Authentication and Authorization

5. In Group Attribute Type, type the value, and click OK twice.

Configuring TACACS+ Authentication

You can configure a TACACS+ server for authentication. As with RADIUS authentication, TACACS+ requires a secret key, the server IP address, and a port number. The default port number is 49. To configure the NetScaler to use a TACACS+ server, provide the server IP address and the TACACS+ secret. You need to specify the port only when the server uses a port other than the default, 49.

To configure TACACS+ authentication by using the configuration utility

1. In the navigation pane, expand System, and then click Authentication.

2. On the Policies tab, click Add.

3. In Name, type a name for the policy.

4. In Authentication Type, select TACACS.

5. Next to Server, click New.

6. In Name, type a name for the server.

7. Under Server, type the IP address and port number of the TACACS+ server.

8. Under TACACS server information, in TACACS Key and Confirm TACACS key, type the key.

9. In Authorization, select ON and click Create.

10. In the Create Authentication Policy dialog box, next to Named Expressions, select the expression, click Add Expression, click Create, and click Close.

After the TACACS+ server settings are configured on the NetScaler, bind the policy to the system global entity. For more information about binding authentication policies globally, see Binding the Authentication Policies to the System Global Entity on page 45.
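The TACACS key typed in step 8 must match the secret on the TACACS+ server because the protocol uses it to obfuscate every packet body with an MD5-derived pad (RFC 8907, section 4.5). The Python below is an added example, not part of the Citrix manual or NetScaler code, and goes beyond the configuration steps to show why a mistyped key leaves the server unable to parse a request; the secrets, session ID, user name and addresses are constructed sample values.

```python
import hashlib
import struct

def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5-chained pad defined in RFC 8907 section 4.5."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()  # MD5_n = MD5(seed + MD5_n-1)
        pad += prev
    return pad[:length]

def xor_body(header, body, key):
    """Obfuscate or de-obfuscate a body; XOR makes the operation symmetric."""
    version, _type, seq_no, _flags, session_id, length = struct.unpack("!BBBBII", header)
    if length != len(body):
        raise ValueError("header length field does not match body")
    pad = pseudo_pad(session_id, key, version, seq_no, length)
    return bytes(b ^ p for b, p in zip(body, pad))

def parse_authen_start(body):
    """Return the user field of an Authentication START body, or None if malformed."""
    if len(body) < 8:
        return None
    user_len, port_len, addr_len, data_len = body[4:8]
    if 8 + user_len + port_len + addr_len + data_len != len(body):
        return None  # typical result of de-obfuscating with the wrong key
    return body[8:8 + user_len]

def build_sample():
    """Constructed sample packet: ASCII login START for user 'nsroot-test'."""
    user, port, addr = b"nsroot-test", b"tty0", b"192.0.2.10"
    # action=LOGIN, priv_lvl=1, authen_type=ASCII, service=LOGIN, then four length bytes
    body = bytes([1, 1, 1, 1, len(user), len(port), len(addr), 0]) + user + port + addr
    # version 0xC0, type 1 (authentication), seq_no 1, flags 0, session ID, body length
    header = struct.pack("!BBBBII", 0xC0, 1, 1, 0, 0x1234ABCD, len(body))
    return header, body

if __name__ == "__main__":
    header, body = build_sample()
    wire = xor_body(header, body, b"constructed-secret")  # body as sent on the wire
    print(parse_authen_start(xor_body(header, wire, b"constructed-secret")))  # keys match
    print(parse_authen_start(xor_body(header, wire, b"mistyped-secret")))     # key mismatch
```

RFC 8907 describes this mechanism as obfuscation rather than encryption, so traffic between the appliance and the TACACS+ server is usually kept on a protected management network.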

Configuring NT4 Authentication

You can configure the NetScaler appliance to use Windows NT LAN Manager (NTLM) authentication to authenticate users against the user database on a Windows NT 4.0 domain controller. A Windows NT 4.0 domain controller maintains domain user accounts in a database on the Windows NT 4.0 server. A domain user account includes a user name and password and other information about the user.

When a user logs on to the NetScaler, the user enters the user name and password maintained in the domain user account on the Windows NT 4.0 server. The NetScaler connects to the Windows NT 4.0 server and passes these credentials to the server. The server authenticates the user. If you need to configure the NetScaler to authenticate clients against a Windows NT 4.0 primary or backup domain controller, you need to specify the server IP address, the domain name, and the domain administrator user

Citrix Systems CITRIX NETSCALER 9.3 manual Configuring TACACS+ Authentication, Configuring NT4 Authentication