Jump to content
Welcome to our new Citrix community!

Possible to temporary add a second RADIUS policy to virtual server?

Baumgartner AG

Recommended Posts

Dear community


We have a running netscaler with LADP and RADIUS policy enabled. The RADIUS server is a Vasco identikey, which has to be replaced due to some Database issues. I have installed a new, seperate server with the latest Vasco version and assigned all the 90 Digipasses to the users. 


The problem now is, that the new Vasco server uses a different Database engine, which requires users to re-activate the tokens on their mobile phones to make the authentication work again. Once re-activated, the authentication only works on the new server, but no longer on the old one. This is a little tricky, because I cannot simply switch to the new server for secondary authentication on netscaler until all users have re-activated their tokens, because this will take some time. 


My idea was to simply add a second RADIUS policy for the new Vasco server to the netscaler vurtual server. So basically, if authentication fails for a user on one RADIUS server, it should succeed on the second one. 


Did anyone try this or has a bit more infos? I am thankful for any tipps.


Link to comment
Share on other sites

On 3/24/2021 at 8:04 PM, Carl Stalhood1709151912 said:

Citrix Gateway supports Cascade authentication so if the first one fails then it will try the second one.


If Basic policies, simply bind both to the Gateway vServer in priority order.


Awesome carl, thank you very much. I was a little concerned to just "try and error" this. But it works like a charm. 


Have a nice day

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...