Patrick Jonsson Posted March 25, 2017

Hi,

Has anyone successfully used Cisco ISE to authenticate NetScaler system administrators with RADIUS? I've seen various old guides to use RADIUS with Windows NPS and Cisco ACS with TACACS+ but none with Cisco ISE and RADIUS. I've managed to authenticate but I only get read-only access (see the attached picture), not superuser access.

There are also tons of guides for NetScaler Gateway but I guess that is not applicable since I'm interested only in system administrator access to the NetScaler appliance, not user authentication to XenApp/XenDesktop.

I've configured my RADIUS (ISE) server in System > Authentication > RADIUS > Servers with IP, port and PSK. The Test Connection button works fine.

I've configured an Authentication Policy for RADIUS and chosen the ISE box configured above. Expression is ns_true. The policy is globally bound. (There is also a local policy, globally bound, with the expression ns_true using a higher priority number.)

ISE is configured to use Active Directory as an identity source. ISE is configured with the built-in Authorization Profile "PermitAccess". I know it needs to be modified, but I don't know which AV-pairs to use. I think I should use Vendor Specific (Radius Standard AV pair 26) and then enter some magic value containing "superuser" or something.

I've encountered some posts mentioning "group extraction" but I really don't know how to configure it in this case. I've done it using LDAP and NetScaler Gateway some years ago but never in the case of RADIUS and superuser access to the appliance.
Salim Hurjuk Posted March 25, 2017

Which NS license is installed?
Patrick Jonsson Posted March 25, 2017

Enterprise
Mathieu Durupt1709161922 Posted April 7, 2020

Hi, any news regarding this issue?
CarlStalhood Posted April 7, 2020

Have you tried this? https://support.citrix.com/article/CTX207726
Mathieu Durupt1709161922 Posted April 7, 2020

Pretty old stuff and based on RADIUS instead of TACACS. But I'm gonna give it a try on my lab platform! I'll keep you informed.