
login to Netscaler admin console with domain account


Arun Kumar K R


We have Netscaler VPX 13.0.67 with multi domain infra servers in the backend. We have the same admin accounts (Admin1, Admin2 etc) in each domain (domain 1, domain2), which are in different forests. Currently we are able to log in with Admin accounts from domain1. We need help with the scenarios below.

 

1. How to make admins log in to the Netscaler console from Domain2.

2. If the admins log in to the Netscaler console, how can we check which domain account authenticated?

 


7 hours ago, Carl Stalhood1709151912 said:

Create and bind multiple LDAP policies, one for each domain. In the Server Logon Attribute field, change it from samAccountName to userPrincipalName. Then tell the admins to login using UPN.

 

Carl, I don't fully agree. In most cases, there is no need to use UPN, as username/password pairs don't exist in all domains, so logon to domain will fail, while logon to domain 2 will be successful using SamAccountName.

If all domains are in the same forest, you could also create a policy pointing to the global catalogue. In this case, UPN is a must.

 

If you have several LDAP policies, you may use the "Default Authentication Group" in "Other Settings". Let's say you write DomainA into it. So all users logging on through this policy will be members of the group DomainA in addition to all AD groups. That's the easiest way to find out where people come from.

 

Greetings from Austria

Johannes Norz

CTA, CCI, CCE-N

https://blog.norz.at 


The OP says: "We have same admin accounts (Admin1, Admin2 etc) in each domain (domain 1, domain2) which are in different forest."

 

If the passwords are different in each domain, then no need for UPN. But if same username/password in each domain, then UPN might be needed. You could use samAccountName for a "default" domain and UPN for the domain you don't log into very often.


1 minute ago, Carl Stalhood1709151912 said:

The OP says: "We have same admin accounts (Admin1, Admin2 etc) in each domain (domain 1, domain2) which are in different forest."

 

If the passwords are different in each domain, then no need for UPN. But if same username/password in each domain, then UPN might be needed. You could use samAccountName for a "default" domain and UPN for the domain you don't log into very often.

 

Seems like I didn't read well enough. Sorry. You are right.
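
Added example, not part of any post in this thread: a small Python audit of the setup discussed above (one LDAP policy per domain bound to management logon, with the logon attribute and Default Authentication Group set per action). The ns.conf excerpt, all names, IPs and DNs, and the function `audit_system_ldap` are constructed for illustration; it assumes classic `ns_true` LDAP policies bound with `bind system global`.

```python
import shlex

# Constructed ns.conf excerpt: policy/action names, IPs and DNs are placeholders.
SAMPLE_CONF = '''
add authentication ldapAction ldap_dom1 -serverIP 192.0.2.10 -serverPort 636 -secType SSL -ldapBase "DC=domain1,DC=example" -ldapLoginName sAMAccountName -defaultAuthenticationGroup Domain1
add authentication ldapAction ldap_dom2 -serverIP 198.51.100.10 -serverPort 636 -secType SSL -ldapBase "DC=domain2,DC=example" -ldapLoginName userPrincipalName -defaultAuthenticationGroup Domain2
add authentication ldapAction ldap_lab -serverIP 203.0.113.10 -ldapBase "DC=lab,DC=example" -ldapLoginName sAMAccountName
add authentication ldapPolicy pol_dom1 ns_true ldap_dom1
add authentication ldapPolicy pol_dom2 ns_true ldap_dom2
add authentication ldapPolicy pol_lab ns_true ldap_lab
bind system global pol_dom1 -priority 100
bind system global pol_dom2 -priority 110
bind system global pol_lab -priority 120
'''

def audit_system_ldap(conf):
    """Return (rows, findings) for LDAP policies bound to management logon."""
    actions, policies, bound = {}, {}, []
    for line in conf.splitlines():
        tok = shlex.split(line)
        if tok[:3] == ["add", "authentication", "ldapAction"]:
            # Everything after the action name is a list of "-flag value" pairs.
            actions[tok[3]] = dict(zip(tok[4::2], tok[5::2]))
        elif tok[:3] == ["add", "authentication", "ldapPolicy"]:
            policies[tok[3]] = tok[5]  # policy name -> action name
        elif tok[:3] == ["bind", "system", "global"] and tok[3] in policies:
            bound.append((int(tok[tok.index("-priority") + 1]), tok[3]))
    rows, findings, sam_seen = [], [], 0
    for prio, pol in sorted(bound):  # lower priority number is evaluated first
        act = actions[policies[pol]]
        attr = act.get("-ldapLoginName", "")
        group = act.get("-defaultAuthenticationGroup")
        rows.append((prio, pol, attr, group))
        if group is None:
            findings.append(f"{pol}: no default authentication group, logons are not tagged with a domain")
        if attr.lower() == "samaccountname":
            sam_seen += 1
            if sam_seen > 1:
                findings.append(f"{pol}: second samAccountName policy, the same username/password in two domains matches the earlier policy")
    return rows, findings

if __name__ == "__main__":
    rows, findings = audit_system_ldap(SAMPLE_CONF)
    for row in rows:
        print(row)
    print("\n".join(findings))
```

Run it against a saved copy of the running configuration to see, per bound policy, which logon attribute admins must use and which group name marks the domain they authenticated against.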
