Netscaler Authentication Primary and Secondary

Kim Keith

Hi Citrix guys,


I have a customer who wants both RADIUS and LDAP to authenticate on the NetScaler (don't ask me why).

Currently they have RADIUS/two-factor as primary and no secondary authentication, so can I add an LDAP authentication as secondary authentication on the GW VIP so that only users who are members of the AD group of the RADIUS authentication and also the AD group of the LDAP group can log in, and they will only be asked to authenticate with two-factor? So the users don't see the LDAP authentication?


Meaning they log in as they used to.





  • 2 weeks later...

With classic dual-factor authentication, when you enable DFA, everyone will then need to use DFA.


It is possible to set LDAP as a "third" authentication method, which means there is no user login, but it sends the user name to LDAP and just does group extraction. So go to the bind point (i.e. the NG vServer), add a new authentication policy, select LDAP, then choose "group extraction" (rather than Primary or Secondary). That might give you what you need.
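
The GUI steps in the reply above, written as NetScaler CLI commands. This is an added example, not part of the original posts; the vServer name `gw_vs`, the policy and action names, the server address, the DNs and the password placeholder are all assumptions to replace with the customer's values. The existing RADIUS primary binding stays as it is.

```netscaler
# Added example; every name, address and DN below is a constructed placeholder.
# LDAP action with authentication disabled: the directory is queried for the
# user's groups, but no LDAP password check is performed.
add authentication ldapAction ldap_grpext_act -serverIP 192.0.2.10 -serverPort 636 -secType SSL -ldapBase "dc=example,dc=com" -ldapBindDn "svc-netscaler@example.com" -ldapBindDnPassword <bind-password> -ldapLoginName sAMAccountName -groupAttrName memberOf -subAttributeName cn -authentication DISABLED

# Classic authentication policy that applies the action to every request.
add authentication ldapPolicy ldap_grpext_pol ns_true ldap_grpext_act

# Bind to the Gateway vServer as group extraction, not as primary or -secondary,
# so the user is never shown an LDAP password prompt.
bind vpn vserver gw_vs -policy ldap_grpext_pol -priority 100 -groupExtraction
```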



