Jump to content
Welcome to our new Citrix community!

Netscaler VPX setup user's authentication to access webpage

Recommended Posts

Dear forum members,

I am struggling with Netscaler VPX authentication setup.


Users are accessing test webpage on test server. 

Without authentication everything works well.


I would like to setup local authentication on Netscaler, so when you would like to access webpage, window pops up and

you will enter username and pass - users will be created on netscaler.


I have created local user, Authentication Virtual server, basic authentication policy, but with no success.

Have tried Form based virtual server also 401 based virtual server...but I am not sure if this approach is correct


Tried to find solution for this kind of basic configuration, but unfortunately did not find anything.

Attached picture for better understanding.


Thank you for help or any kind of hint.

Best Regards




netscaler screenshot forum.PNG

Link to comment
Share on other sites

While AAA is the correct feature to use, it would be a little easier to troubleshoot if you could show your aaa vserver config and the lb vserver authentication settings.   You can obscure or omit the actual authentication policy details.  Since you are also using content switching, you might be having an issue there too.


If you have a chance, you could try just the LB vserver + aaa vserver as a simpler integration before moving to CS (but then you would need two vips: one for lb vserver and one for aaa vserver).


show ns runningconfig | grep <lb vserver> -i

show ns runningconfig | grep <authentication vserver> -i


Since you have CS in use, will the lb vserver and authentication vserver be non-addressable (no vip) or have their own vips.  If CS is in use, also share what cs policy you are using to sort authentication traffic to the authentication vserver.


When you do the AAA integration, on the authentication vserver:Double check what you are using in the Domain property (under the vserver basic settings > more (top section)) Does this match the domain portion of the FQDN that users access the lb/cs vserver as or is it blank? 


Depending on how you do the integration would determine whether the lb vserver authentication is pointing to the vserver and has the authentication fqdn specified or not or if an authentication profile is in use. So settings misconfigurations here can cause this to not work. But it depends on a couple of factors.



  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...