Citrix Systems CITRIX NETSCALER 9.3 Benutzerhandbuch
4. Use the procedure described in
on
page 31 to bind the read_all command policy to the SysOps group, with priority
value 1.
value 1.
5. Use the procedure described in
on
page 31 to bind the modify_lb command policy to user michaelb, with priority
value 5.
value 5.
The configuration you just created results in the following:
w
John Doe, the IT manager, has read-only access to the entire NetScaler
configuration, but he cannot make modifications.
configuration, but he cannot make modifications.
w
Maria Ramirez, the IT lead, has near-complete access to all areas of the NetScaler
configuration, having to log on only to perform NetScaler-level commands.
configuration, having to log on only to perform NetScaler-level commands.
w
Michael Baldrock, the IT administrator responsible for load balancing, has read-only
access to the NetScaler configuration, and can modify the configuration options for
load balancing.
access to the NetScaler configuration, and can modify the configuration options for
load balancing.
The set of command policies that applies to a specific user is a combination of
command policies applied directly to the user's account and command policies applied
to the group(s) of which the user is a member.
command policies applied directly to the user's account and command policies applied
to the group(s) of which the user is a member.
Each time a user enters a command, the operating system searches the command
policies for that user until it finds a policy with an ALLOW or DENY action that matches
the command. When it finds a match, the operating system stops its command policy
search and allows or denies access to the command.
policies for that user until it finds a policy with an ALLOW or DENY action that matches
the command. When it finds a match, the operating system stops its command policy
search and allows or denies access to the command.
If the operating system finds no matching command policy, it denies the user access to
the command, in accordance with the NetScaler appliance's default deny policy.
the command, in accordance with the NetScaler appliance's default deny policy.
Note: When placing a user into multiple groups, take care not to cause unintended
user command restrictions or privileges. To avoid these conflicts, when organizing your
users in groups, bear in mind the NetScaler command policy search procedure and
policy ordering rules.
user command restrictions or privileges. To avoid these conflicts, when organizing your
users in groups, bear in mind the NetScaler command policy search procedure and
policy ordering rules.
Configuring External User Authentication
External user authentication is the process of authenticating the users of the Citrix
®
NetScaler
®
appliance by using an external authentication server. The NetScaler
supports LDAP, RADIUS, TACACS+, and NT4 authentication servers. To configure external
user authentication, you must create authentication policies. You can configure one or
many authentication policies, depending on your authentication needs. An
authentication policy consists of an expression and an action. Authentication policies
use NetScaler classic expressions, which are described in detail in the Citrix NetScaler
Policy Configuration and Reference Guide at
user authentication, you must create authentication policies. You can configure one or
many authentication policies, depending on your authentication needs. An
authentication policy consists of an expression and an action. Authentication policies
use NetScaler classic expressions, which are described in detail in the Citrix NetScaler
Policy Configuration and Reference Guide at
.
After creating an authentication policy, you bind it to the system global entity and
assign a priority to it. You can create simple server configurations by binding a single
authentication policy to the system global entity. Or, you can configure a cascade of
authentication servers by binding multiple policies to the system global entity. If no
assign a priority to it. You can create simple server configurations by binding a single
authentication policy to the system global entity. Or, you can configure a cascade of
authentication servers by binding multiple policies to the system global entity. If no
Citrix NetScaler Administration Guide
37