Jump to content
Welcome to our new Citrix community!

How can I set up minimal ssh access to AD groups so the help desk can run the command "user unlock aaa (username)" and not have admin access?

David Lowe 2

Recommended Posts


We currently need to have our Level 1 help desk contact out Level 3 admins in order to unlock users that lock themselves out while trying to log into Citrix remotely through the Netscaler. The users get prompted to wait 30 minutes before trying again when they call the help desk. The Level 3 admins have to SSH into the Netscaler and run "user unlock aaa (username)" to clear the lock early.

What I am looking for:

We are looking to either, provide minimal ssh access for Level 1, or see if there is a script out there that can be run, i.e., run script that prompts for the username then the script makes the connection and runs the command.

Any help would be greatly appreciated.

Link to comment
Share on other sites

Do you have ADM in place? Then built a config template, which has username as variable and uses this command to unlock the user. Then you can give the Level1 group permissions to execute this particular config template.

With that you have a kind of self service unlock.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...