
Restricting Gateway access with LDAP Filter: users coming via one-way trust?


tylital520


Hello everybody,

Edit:

Okay I will rephrase my question a little bit so that it would be easier to understand what I want to achieve:

 

Our environment consists of two Active Directory domains in two different forests. Our Citrix services (StoreFronts, Delivery Controllers, Server and Desktop VDAs) are in one domain, and our users come from another domain via one-way domain trust as described below:

[Image]


Our Gateway LDAP policies point to LDAP-servers in domain B, and our Citrix servers are members of domain A. When a user from domain B wants to have access to Apps or Desktops we add his/her domain B user account to a Domain Local security group in domain A. Permissions to Delivery Groups in Citrix Studio have been defined with these Domain Local groups.

The problem at the moment is that anyone with a user account in domain B is able to log in to our Gateway. If they are not members of domain A Domain Local groups they will not see any Apps or Desktops. I want to restrict the access so that if the users from domain B are not members of a Security Group in domain A, they cannot log in. Is this possible with LDAP filtering which Carl Stalhood explains here: https://www.carlstalhood.com/netscaler-gateway-12-ldap-authentication/#action -> 12. "If you want to restrict Citrix Gateway access to only members of a specific AD group"?


  • 3 months later...

I have the same configuration and I'm experiencing the same issue, did you manage to solve the problem?

I had a Citrix case opened and their only solution was to use the domain controllers from the trusted domain but this is not my desired configuration since I'm passing my domain.

None of the search folder solutions worked for me.

Thank you,


On 1/15/2020 at 1:20 PM, Andrei Apostoiu1709160260 said:

I have the same configuration and I'm experiencing the same issue, did you manage to solve the problem?

I had a Citrix case opened and their only solution was to use the domain controllers from the trusted domain but this is not my desired configuration since I'm passing my domain.

None of the search folder solutions worked for me.

Thank you,

Hi,

No solution. I guess the only way to use this in our scenario would be to create the necessary AD Security Groups in the trusted domain (Domain B in the picture) and start using them, but that's not an option in our case.

  • Like 1
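
Added example, not part of the original thread and not Citrix code: it models why a memberOf search filter evaluated against domain B's LDAP servers does not see the Domain Local group in domain A. Active Directory records a member from a trusted forest in the group's own domain as a foreignSecurityPrincipal named after the user's SID, so the lookup has to happen in domain A. All names, DNs and the SID below are constructed.

```python
import struct

# Constructed sample data; the thread gives no real names, DNs or SIDs.
DOMAIN_A = "DC=domaina,DC=example"
GROUP_DN = "CN=Citrix-Gateway-Users,OU=Groups," + DOMAIN_A
USER_B = {  # what a domain B LDAP server returns for the user
    "sAMAccountName": "jdoe",
    "memberOf": ["CN=Staff,OU=Groups,DC=domainb,DC=example"],
    "objectSid": struct.pack("<BB", 1, 5) + (5).to_bytes(6, "big")
    + struct.pack("<5I", 21, 1111111111, 2222222222, 3333333333, 1105),
}

def sid_to_str(raw: bytes) -> str:
    """Decode a binary objectSid into its S-1-... string form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])   # 32-bit, little-endian
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])

def fsp_dn(user: dict) -> str:
    """DN of the foreignSecurityPrincipal domain A creates for a trusted user."""
    sid = sid_to_str(user["objectSid"])
    return "CN=%s,CN=ForeignSecurityPrincipals,%s" % (sid, DOMAIN_A)

# The Domain Local group as stored in domain A: its member is the FSP,
# not the user's domain B distinguished name.
GROUP_A = {"distinguishedName": GROUP_DN, "member": [fsp_dn(USER_B)]}

def memberof_filter_matches(user: dict) -> bool:
    """Evaluate (memberOf=<GROUP_DN>) against the domain B user entry."""
    return GROUP_DN in user["memberOf"]

def domain_a_filter(user: dict) -> str:
    """Filter for a search in domain A (direct membership only).
    The sample DN has no characters that need RFC 4515 escaping."""
    return "(&(objectClass=group)(member=%s))" % fsp_dn(user)

def is_member_via_fsp(user: dict, group: dict) -> bool:
    """Membership as domain A sees it: the user's FSP is in the group."""
    return fsp_dn(user) in group["member"]

if __name__ == "__main__":
    print("memberOf filter on domain B matches:", memberof_filter_matches(USER_B))
    print("search to run in domain A:", domain_a_filter(USER_B))
    print("member via FSP in domain A:", is_member_via_fsp(USER_B, GROUP_A))
```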