Jump to content
Welcome to our new Citrix community!

Best Practice Question: Service Account Passwords.


Gareth Doyle

Recommended Posts

Hello, everyone.

 

My team seems to have trouble changing these service account passwords, but before I get into that and ask for your advice, allow me to explain the environment a little bit.

 

We have 3 pairs of SDX appliances, each with three VPX's; I'll call them VPX-A, -B, and -C. The pairs run as HA pairs and all three pairs use GSLB. Within each of these we have a service account set up under our LDAP authentication policies which ties into our LDAP serveers and allows for access into the NetScaler's as well as verifies credentials for some of the Virtual Servers customer's are hitting. Due to contractual requirements we are required to change these service account passwords every X number of days.

 

Our current process is essentially to log into each active VPX, change the password manually, and save the config; this is 9 configuration changes for each service account. Each time we change these passwords we seem to be running into issues where the accounts get locked out and/or someone is unable to log into the boxes (either customers or us from the management perspective). Usually we end up having to log into the boxes using a local account, change the password again, and contact the AD team to have them unlock the service account.

 

Needless to say, this is a nuisance. At one point I tried asking TAC if I could script/orchestrate this using MAS, but they seemed to think that was not possible.

 

Is there a better way to go about changing these passwords or is a manual process the only one available to me at this time?


Thanks.

Link to comment
Share on other sites

40 minutes ago, Sam Jacobs said:

Though I haven't tried it, I would think you should be able to automate your LDAP auth server password changes with NITRO:

https://developer-docs.citrix.com/projects/netscaler-nitro-api/en/12.0/configuration/authentication/authenticationldapaction/authenticationldapaction/ 

 

Thank you, this seems like a fantastic option. Now just to muddle through google and find some resources that may teach me a thing or 10. :)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...