Binding a Citrix NetScaler Global LDAP Authentication Policy for Admins
In this walkthrough we will create a LDAP policy for administrators of the NetScaler and bind it globally to the NetScaler
| Step | Description | Screenshot | |
| 1 | Log into your NetScaler
Expand System > Authentication > LDAP Tick the newly created policy and click Global Bindings |
  |
|
| 2 | Click the > button to choose your newly created LDAP policy
Then click Select Click Bind on the System Global Authentication LDAP Policy Binding Window Click Done |
 |
|
| 3 | Note: The LDAP Policy will have a green tick in the Globally Bound column, which means all members of the LDAP group you added in the ‘Search Field’ of the server policy will now be able to authenticate against the NetScaler as NetScaler system users |  |
|
Granting AD Group Permissions to the NetScaler
In the previous step we created an LDAP policy and bound it globally to the NetScaler so that all users who are members of the Active Directory group Domain Admins would be able to authenticate against the NetScaler and access the WebGUI. However these users will not have permission on the NetScaler itself to perform any administrative tasks, so we must link the AD group to appropriate permissions on the NetScaler.
| Step | Description | Screenshot |
| 1 | Example of error message when logging in as user ‘admin@home.local’
Not authorized to execute this command [show ns license] [show ns feature] Note: a user name of just ‘admin’ would also work |
Here you can see that the user is able to authenticate, but not perform any tasks on the NetScaler. |
| 2 | Log into the NetScaler as nsroot
Browse to > System > User Administration > Groups Click the add button |
 |
| 3 | Type in Group Name: ‘Domain Admins’
Note: The NetScaler group name must match the LDAP group name and is Case SeNsiTiVE |
 |
| 4 | Under Command Policies
Click Bind Tick Sysadmin Click Insert |
 |
| 5 | Click Create |   |
| 6 | Users who are members of Domain Admins group in Active Directory will now have the sysadmin role on the NetScaler | |
| 7 | A list of other roles on the NetScaler and what can be assigned are listed here on the Citrix Website | http://docs.citrix.com/en-us/NetScaler/10-1/ns-system-wrapper-10-con/ns-ag-aa-intro-wrapper-con/ns-ag-aa-config-users-and-grps-tsk.html |
If you want to learn more about Citrix NetScaler check out our online NetScaler course at www.mastersof.cloud
Signup below to receive a free 200 page Citrix NetScaler Introduction guide!
[mc4wp_form id=”2763″]
