Kim Keith Posted November 16, 2019 Share Posted November 16, 2019 HI Citrix Guys I have a customer who wants both Radius and LDAP to authenticate on the Netscaler (Dont ask me why) Currently they have a Radius/2 faktor as primary and no Secondary Authentication, so can i add a LDAP AUthentication as Secondary authentication on the GW VIP so only user can login who are member of the AD group of the Radius authentication and also the AD group of the LDAP group ? and only will be ask to authentication from 2 Faktor. So they users dont see the LDAP authentication ? Meaning they login as the use to. /Kim Link to comment Share on other sites More sharing options...
Paul Blitz Posted November 25, 2019 Share Posted November 25, 2019 Using the classic dual-factor authentication, then when you enable DFA, everyone will then need to use DFA. It is possible to set LDAP as a "third" authentication method, which means there is no user login, but it sends the user name to LDAP and just does group extraction. So go to the bind point (ie the NG Vserver), add a new authentication policy, select LDAP, then choose "group extraction" (rather than Primary or Secondary). That might give you what you need. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now