
External Authentication using Active Directory LDAP


avinash shitole


If I understood correctly, in a Double Hop DMZ setup, the external NetScaler Gateway in the 1st DMZ authenticates users and passes these credentials to the StoreFront server in the 2nd DMZ.

However, the organization's AD/LDAP servers are in the Secure/Internal Zone. How does the NetScaler in the 1st DMZ authenticate users against Active Directory, which is in the internal network?


Actually, NetScaler will do LDAP authentication itself before it sends anything to StoreFront. NetScaler asks the user to enter username and password. NetScaler uses LDAP protocol to communicate with a Domain Controller to authenticate the user. If successful, then NetScaler performs Single Sign-on with the user's credentials to StoreFront.


As Carl said, your Gateway1 (ns1) does authentication before forwarding to StoreFront.

 

So your authentication options:

1) Allow Gateway1 in DMZ1 to do authentication against resources in the secured zone. Or take advantage of two-factor and hit a RADIUS server in the DMZ (first factor) before going to AD in the secured zone (as one example).

2) Add an LB vserver for LDAP or other directory service to your NS2 in DMZ2, so traffic goes from Gateway1 to the LB VIP on NS2, and the NS2 in DMZ2 can proxy to the LDAP servers in the secured zone.

 

 

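A sketch of option 2 in NetScaler CLI, added here as an example and not taken from either reply above. All object names, IP addresses, the base DN and the bind account are constructed placeholders, and using LDAPS on TCP 636 passed through NS2 as plain TCP (so TLS terminates on the domain controller) is an assumption.

```netscaler
# --- On NS2 (DMZ2): TCP load balancer in front of the domain controllers ---
# Constructed addresses: DCs 10.10.0.11 and 10.10.0.12 (secured zone),
# LB VIP 172.16.2.50 (DMZ2).
add server srv_dc1 10.10.0.11
add server srv_dc2 10.10.0.12
add service svc_dc1_ldaps srv_dc1 TCP 636
add service svc_dc2_ldaps srv_dc2 TCP 636
add lb vserver lbvs_ldaps TCP 172.16.2.50 636
bind lb vserver lbvs_ldaps svc_dc1_ldaps
bind lb vserver lbvs_ldaps svc_dc2_ldaps

# --- On Gateway1 (DMZ1): LDAP action that targets the NS2 VIP, not a DC ---
# <bind-password> and <gateway-vserver> are placeholders to fill in.
add authentication ldapAction ldap_via_ns2 -serverIP 172.16.2.50 -serverPort 636 -secType SSL -ldapBase "DC=example,DC=com" -ldapBindDn "svc-nsldap@example.com" -ldapBindDnPassword <bind-password> -ldapLoginName sAMAccountName
add authentication ldapPolicy pol_ldap_via_ns2 ns_true ldap_via_ns2
bind vpn vserver <gateway-vserver> -policy pol_ldap_via_ns2 -priority 100
```

With this layout the firewall between DMZ1 and DMZ2 only needs to allow Gateway1 to reach the VIP on TCP 636, and only NS2 needs a rule toward the domain controllers in the secured zone.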
