Citrix Systems Network Router NETSCALER 9.3 User Manual
Configuring RADIUS Authentication
You can configure the NetScaler appliance to authenticate user access with one or
more RADIUS servers. If you are using RSA SecurID, SafeWord, or Gemalto Protiva
products, use a RADIUS server.
more RADIUS servers. If you are using RSA SecurID, SafeWord, or Gemalto Protiva
products, use a RADIUS server.
Your configuration might require using a network access server IP address (NAS IP) or a
network access server identifier (NAS ID). When configuring your NetScaler to use a
RADIUS authentication server, use the following guidelines:
network access server identifier (NAS ID). When configuring your NetScaler to use a
RADIUS authentication server, use the following guidelines:
w
If you enable use of the NAS IP, the appliance sends its configured IP address to the
RADIUS server, rather than the source IP address used in establishing the RADIUS
connection.
RADIUS server, rather than the source IP address used in establishing the RADIUS
connection.
w
If you configure the NAS ID, the appliance sends the identifier to the RADIUS server.
If you do not configure the NAS ID, the appliance sends its host name to the RADIUS
server.
If you do not configure the NAS ID, the appliance sends its host name to the RADIUS
server.
w
When the NAS IP is enabled, the appliance ignores any NAS ID that was configured
by using the NAS IP to communicate with the RADIUS server.
by using the NAS IP to communicate with the RADIUS server.
To configure RADIUS authentication by using the
configuration utility
1. In the navigation pane, expand System, and then click Authentication.
2. On the Policies tab, click Add.
3. In Name, type a name for the policy.
4. In Authentication Type, select RADIUS.
5. Next to Server, click New.
6. In Name, type a name for the server.
7. Under Server, in IP Address, type the IP address of the RADIUS server.
8. In Port, type the port. The default is 1812.
9. Under Details, in Secret Key and Confirm Secret Key, type the RADIUS server secret.
10. In NAS ID, type the identifier number, and then click Create.
11. In the Create Authentication Policy dialog box, next to Named Expressions,
select the expression, click Add Expression, click Create, and click Close.
After the RADIUS server settings are configured on the NetScaler, bind the policy to the
system global entity. For more information about binding authentication policies
globally, see
system global entity. For more information about binding authentication policies
globally, see
on page
45.
Choosing RADIUS authentication protocols
The NetScaler appliance supports implementations of RADIUS that are configured to use
any of several protocols for user authentication, including:
any of several protocols for user authentication, including:
Chapter 1
Authentication and Authorization
42