Netscaler LDAP RADIUS traditional two-factor authentication method (part 1)

2024-07-12

With the traditional two-factor authentication method, you can implement LDAP and RADIUS two-factor authentication by configuring a Gateway Virtual Server on Citrix ADC (NetScaler) 13.1. This configuration method uses a Gateway vServer plus two Basic Authentication policies. The detailed steps follow:

Step 1: Configure LDAP authentication policy

  1. Create an LDAP authentication server

    • Log on to the Citrix ADC management console.
    • Navigate to Configuration > Security > AAA - Application Traffic > Authentication > Servers
    • Click the Add button.
    • In the pop-up window, select LDAP as the server type.
    • Fill in the server details (such as IP address, port, Base DN, Bind DN, etc.).
    • Save the configuration.
  2. Creating an LDAP Authentication Policy

    • Navigate to Configuration > Security > AAA - Application Traffic > Authentication > Policies
    • Click the Add button.
    • In the pop-up window, select LDAP as the policy type.
    • Bind to the LDAP server you just created.
    • Enter a policy name and expression (such as ns_true).
    • Save the policy.

Step 2: Configure RADIUS authentication policy

  1. Create a RADIUS authentication server

    • Navigate to Configuration > Security > AAA - Application Traffic > Authentication > Servers
    • Click the Add button.
    • In the pop-up window, select RADIUS as the server type.
    • Fill in the server details (such as IP address, port, shared secret, etc.).
    • Save the configuration.
  2. Creating a RADIUS Authentication Policy

    • Navigate to Configuration > Security > AAA - Application Traffic > Authentication > Policies
    • Click the Add button.
    • In the pop-up window, select RADIUS as the policy type.
    • Bind the RADIUS server that you just created.
    • Enter a policy name and expression (such as ns_true).
    • Save the policy.

Step 3: Configure Gateway Virtual Server (Auth vServer)

  1. Creating an Authentication Virtual Server
    • Navigate to Configuration > Security > AAA - Application Traffic > Authentication > Virtual Servers
    • Click the Add button.
    • Enter the virtual server name and IP address.
    • Select the protocol (such as HTTP or HTTPS).
    • Save the configuration.

Step 4: Configure Gateway Virtual Server

  1. Bind LDAP and RADIUS authentication policies to the Gateway Virtual Server
    • On the Auth vServer configuration page, find the Basic Authentication section.
    • Click the + button to bind the LDAP authentication policy.
      • Choose Primary Authentication, and then select the LDAP authentication policy you just created.
    • Click the + button again to bind the RADIUS authentication policy.
      • Choose Secondary Authentication, and then select the RADIUS authentication policy you just created.

Step 5: Test Two-Factor Authentication

  1. Accessing the Authentication Virtual Server
    • Open a browser and access the URL of the configured Auth vServer.
    • Enter the user name, password (LDAP authentication), and RADIUS token (RADIUS authentication).
    • Verify that two-factor authentication is successful.

By following the above steps, you can configure LDAP and RADIUS two-factor authentication in Citrix ADC (NetScaler) 13.1 and integrate these two authentication methods on one page.
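
To confirm that the GUI steps above really left both factors bound, the following added example (not part of the original article) audits a saved configuration in NetScaler CLI form. It assumes classic policies appear as `bind vpn vserver ... -policy ... [-secondary]` lines; the object names, addresses and the `gw_vs` vserver are constructed placeholders.

```python
import shlex

# Constructed ns.conf-style sample; names, addresses and secrets are placeholders.
SAMPLE_CONF = '''\
add authentication ldapAction ldap_srv -serverIP 192.0.2.10 -serverPort 636 -ldapBase "dc=example,dc=com" -ldapBindDn "cn=svc_ns,dc=example,dc=com" -secType SSL
add authentication ldapPolicy ldap_pol ns_true ldap_srv
add authentication radiusAction radius_srv -serverIP 192.0.2.20 -serverPort 1812 -radKey <shared-secret>
add authentication radiusPolicy radius_pol ns_true radius_srv
add vpn vserver gw_vs SSL 192.0.2.30 443
bind vpn vserver gw_vs -policy ldap_pol -priority 100
bind vpn vserver gw_vs -policy radius_pol -priority 100 -secondary
'''

def parse(conf):
    """Return (policy name -> policy type, vserver -> bound policies per slot)."""
    policy_type, bindings = {}, {}
    for line in conf.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["add", "authentication"] and len(tok) >= 4 and tok[2].endswith("Policy"):
            policy_type[tok[3]] = tok[2]              # e.g. ldap_pol -> ldapPolicy
        elif tok[:3] == ["add", "vpn", "vserver"] and len(tok) >= 4:
            bindings.setdefault(tok[3], {"primary": [], "secondary": []})
        elif tok[:3] == ["bind", "vpn", "vserver"] and "-policy" in tok[4:-1]:
            slot = "secondary" if "-secondary" in tok else "primary"
            policy = tok[tok.index("-policy") + 1]
            bindings.setdefault(tok[3], {"primary": [], "secondary": []})[slot].append(policy)
    return policy_type, bindings

def audit(conf):
    """Return findings; an empty list means every Gateway vserver has both factors."""
    policy_type, bindings = parse(conf)
    findings = []
    for vserver, slots in bindings.items():
        # Non-authentication policies (session, etc.) map to None and are ignored.
        primary = {policy_type.get(p) for p in slots["primary"]}
        secondary = {policy_type.get(p) for p in slots["secondary"]}
        if "ldapPolicy" not in primary:
            findings.append(f"{vserver}: no LDAP policy bound as primary authentication")
        if "radiusPolicy" not in secondary:
            findings.append(f"{vserver}: no RADIUS policy bound as secondary authentication")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF) or ["both factors bound on every Gateway vserver"]:
        print(finding)
```

A RADIUS policy bound without `-secondary` lands in the primary bank, so the check reports it as a missing second factor.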