NetScaler: Using groups membership to Authenticate

When using the NetScaler Gateway 10.x and you need to allow remote users access based on their group membership, you can use the Active Directory groups. To configure this create an Active Directory group and set the following settings on the LDAP server within the NetScaler go to: NetScaler Gateway > Policies> Authentication/Authorization> Authentication> LDAP and then Servers tab and then edit/create the LDAP server:

Connection Settings:

  • IP address: your Domain Controller
  • Port: 389
  • Base DN: dc=subdomain,dc=domain,dc=nl
  • Administrator Bind: Administrator account

Other Settings:

  • Server Logon Attribute: sAMAccountName/UserPrincipalName
  • Search Filter: memberOf=CN=XenDesktop Remote ,OU=Groups,OU=Resources, DC=subdomain,dc=domain, DC=nl
  • Group Attribute: memberOf
  • Sub Attribute Name: CN
  • Security Type: PLAINTEXT

Nested Group Extraction:

  • Maximum Nesting Level: 2
  • Group Name Identifier: sAMAccountName/UserPrincipalName
  • Group Search Attribute: memberOf
  • Group Search Sub-Attribute: CN
  • Group Search Filter: <BLANK>

Groups

I Hope this helps you.

banner