Netscaler access gateway - Error: Not a privileged User.

[Ennio Martinez]

Dear,

Good afternoon!

I Configured the NetScaler access gateway 10.1, and when access externally placing a domain account this error appears: Error: Not a privileged User. Already configured LDAP authentication and tested with the administrator account.

regards

[Ennio Martinez]

Solved

[Ennio Martinez]

solved

[Martin Lapointe1709152027]

How did you solved the issue ?
I m having the same probleme and can't figure out what is happening !!

Thank you

[Martin Lapointe1709152027]

Solved by changing from DENY to ALLOW in the netscaler Profile setting, under security tab on Default Authorization Action

[Evan Chadwick1709156803]

Not a recommended approach to set the default to Allow.

[Paul Blitz]

"Not a Privileged user" means that the user has connected ok, but has not been authorised to access backend resources.

 

There are several ways to fix this:

- use authorisation policies (the only safe way to do it with full VPN / Clientless VPN, but also a valid way to do it for ICA Proxy)

- set the Default Auth action of a session profile to Allow (not safe for full VPN / Clientless VPN, but fine for ICA connections*)

- set the global Default Authorisation to Allow (NOT SAFE!)

 

* it is quite safe to set the Session Profile's Default Authorisation to Allow for ICA Proxy connections, as we are in full control of what the user gets connected to (Storefront, as set in the profile, and from there to any HDX = ICA connections). There's no way for the user to access anything outside of the XD setup.

[Yuri Shatalov]

Hello!

I got the same error. I've created a authorization policy (CLIENT.TCP.DSTPORT.EQ(445)||CLIENT.TCP.DSTPORT.EQ(139)) and bind it to the AAA group. But thr same error.

[Hailey Horsley]

On 8/2/2013 at 9:54 AM, Martin Lapointe1709152027 said:

Solved by changing from DENY to ALLOW in the netscaler Profile setting, under security tab on Default Authorization Action

Been a few years, but recently ran into this same issue while upgrading from 12.1 to 13.1 - default auth action reset to "DENY" and was dropping all otherwise valid AAA attempts.