Nicklas Ryden
Posted November 18

Hi,

I'm working on removing the F5 portal and creating a new NetScaler Unified Gateway instead. Things are working fine, but the F5 has a custom "RULE_INIT" that takes the groups beginning with "lr_", takes the rest of the group name (adds the domain name) and creates custom RDP icons for the persons using the portal.

I think I want the nFactor to use the LDAPS "memberOf" result and find all groups matching "lr_COMPUTERNAME", remove the "lr_" part of the name, use the rest of the name and add "domain.local", and create a new AAA attribute "rdpServerAttribute" that's comma separated, for each of the groups. Then I can use the rdpServerAttribute in RDP Client:
https://docs.netscaler.com/en-us/netscaler-gateway/current-release/rdp-proxy/populate-rdp-url-based-on-ldap-attribute.html#to-populate-rdp-urls-based-on-the-ldap-attribute-by-using-the-gui

Is this possible? And how would I make it happen in an nFactor step after the LDAPS lookup?

Kind Regards
Julian Jakob
Posted November 19

Hi Nicklas,

wouldn't it be enough to just create the needed RDP Bookmarks on NetScaler, create AAA groups which are identical to your AD groups the NetScaler should filter on, and bind the RDP Bookmarks to the AAA groups? So during logon NetScaler will check the group matchings and place RDP Bookmarks in the user's portal.

Regards
Julian
Nicklas Ryden (Author)
Posted November 19

2 hours ago, Julian Jakob said:
> Hi Nicklas, wouldn't it be enough to just create the needed RDP Bookmarks on NetScaler, create AAA groups which are identical to your AD groups the NetScaler should filter on, and bind the RDP Bookmarks to the AAA groups? So during logon NetScaler will check the group matchings and place RDP Bookmarks in the user's portal. Regards Julian

Hi Julian,

Yes, that would also be a solution, but a bit more static. There are more than 200 groups and over 400 members (and nested groups). I can script in 200 groups and 200 bookmarks in the NetScaler, but groups are constantly being added to and removed from the Active Directory.

I'm working on a PowerShell script that can run once a day to populate an AD attribute (i.e. info) with the RDP Link Attribute needed by the NetScaler RDP Profile (i.e. info).
https://docs.netscaler.com/en-us/netscaler-gateway/current-release/rdp-proxy/populate-rdp-url-based-on-ldap-attribute.html#to-populate-rdp-urls-based-on-the-ldap-attribute-by-using-the-gui

I can't find whether I'm able to process the "memberOf" in an nFactor result and create a new AAA attribute in the format needed.

Cheers :)
Kari Ruissalo
Posted November 19

If you're already doing that PowerShell bit, I would take it a bit further and in that same script manage the NetScaler config bits (PSH/Nitro, https://www.citrix.com/blogs/2017/04/20/talking-nitro-with-powershell/). I've considered the same for managing parts of configuration that are closely connected to AD groups (VPN & RDP Proxy).

I don't think what you're describing here is supported on NetScaler. I might be wrong.
Nicklas Ryden (Author)
Posted November 21

On 11/19/2024 at 3:36 PM, Kari Ruissalo said:
> If you're already doing that PowerShell bit, I would take it a bit further and in that same script manage the NetScaler config bits (PSH/Nitro, https://www.citrix.com/blogs/2017/04/20/talking-nitro-with-powershell/). I've considered the same for managing parts of configuration that are closely connected to AD groups (VPN & RDP Proxy). I don't think what you're describing here is supported on NetScaler. I might be wrong.

Hi Kari,

Yes, I've made a PowerShell script that will populate the AD attribute with the correct data. Script is done.

I've also done another script that uses "invoke-nitro" and the PowerShell module and can make the aaagroup and vpnurl and bind them with aaagroup_vpnurl_binding. Script is done.

I see, most likely using the AD attribute will be the way to go :)

I've found some traces of programming code support in NetScaler called "NetScaler Lua":
https://docs.netscaler.com/en-us/citrix-adc/current-release/citrix-adc-extensions/citrix-adc-extensions-language-overview
With this I probably would be able to program something, but I'm not a developer.

Kind Regards,
Cheers
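The transformation discussed in this thread (memberOf groups beginning with "lr_" turned into a comma-separated server list for an AD attribute), as an added example that is not the poster's script or NetScaler code. The function name, the dot placed before "domain.local" and the sample DNs are assumptions; names that are not a single DNS label are skipped so that a group name cannot put arbitrary text into the RDP link attribute.

```powershell
# Added example, not the poster's script. Function name and sample DNs are constructed.
# memberOf lists direct memberships only; resolve nested groups before calling this.
function ConvertTo-RdpServerList {
    param(
        [string[]]$MemberOf = @(),
        [string]$Prefix = 'lr_',
        [string]$DnsSuffix = 'domain.local'   # assumption: joined to the name with a dot
    )
    $servers = [System.Collections.Generic.List[string]]::new()
    foreach ($dn in $MemberOf) {
        # Take the first RDN of the DN; "\," is an escaped comma inside the CN value.
        if ($dn -notmatch '^CN=((?:\\.|[^,\\])+),') { continue }
        $cn = $Matches[1]
        if (-not $cn.StartsWith($Prefix, [System.StringComparison]::OrdinalIgnoreCase)) { continue }
        $name = $cn.Substring($Prefix.Length)
        # Accept a single DNS label only: letters, digits, inner hyphens, max 63 chars.
        # Dots, spaces, escapes and commas are rejected instead of being passed on.
        if ($name -notmatch '\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z') {
            Write-Warning "Skipping group '$cn': '$name' is not a single DNS label"
            continue
        }
        $fqdn = ('{0}.{1}' -f $name, $DnsSuffix).ToLowerInvariant()
        # The same server reached through two groups is listed once.
        if (-not $servers.Contains($fqdn)) { $servers.Add($fqdn) }
    }
    return ($servers -join ',')
}

# Constructed memberOf values for one user.
$sampleMemberOf = @(
    'CN=lr_PC-FIN-01,OU=RDP,DC=domain,DC=local'             # kept
    'CN=LR_pc-fin-01,OU=Legacy,DC=domain,DC=local'          # duplicate in another case
    'CN=lr_SRV-APP-02,OU=RDP,DC=domain,DC=local'            # kept
    'CN=Domain Users,CN=Users,DC=domain,DC=local'           # no lr_ prefix, ignored
    'CN=lr_srv01.other.example,OU=RDP,DC=domain,DC=local'   # contains dots, skipped
    'CN=lr_pc\,x,OU=RDP,DC=domain,DC=local'                 # escaped comma, skipped
)

$rdpServerList = ConvertTo-RdpServerList -MemberOf $sampleMemberOf
$rdpServerList
```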