Jump to content
Welcome to our new Citrix community!

LDAP and RADIUS authentication policies


Recommended Posts

I have a VPX200 that is currently set up for LDAP authentication.  Currently, users login to the Netscaler.  Netscaler hits LDAP, all is good.  I am now looking at integrating MFA via a RADIUS server.  What I am interested in doing is setting up policies so that a user only gets prompted for MFA if they are out of the office.  The way I kind of imagine it is if there is a policy that allows LDAP authentication if they come from inside addresses.  Then another policy that sends everything else to the RADIUS server and hence MFA.

 

Thoughts?

Link to comment
Share on other sites

Hello,

 

You can configure the following policy for your radius server:

 

  • REQ.IP.SOURCEIP != 10.0.0.0 -netmask 255.0.0.0   #### For classic VPN policies. Where 10.0.0.0 is your corporate subnet if you use 10.x.x.x address space and 255.0.0.0 subnet mask for /8
  • CLIENT.IP.SRC.BETWEEN(10.0.0.0,10.255.255.255)   ### for advance policies if you are using nFACTOR authentication.

 

I would configure nFACTOR for the gateway with 2 different schemas based on the source IP of the client.

 

https://docs.citrix.com/en-us/netscaler-gateway/12/authentication-authorization/nfactor-for-gateway-authentication.html

 

Hope it helps

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...