system groups and managing delegated administrator rights using group extraction. You will use the NetScaler Configuration Utility GUI to perform this exercise.

In this exercise, you will perform the following tasks:
- Integrate External Authentication with NetScaler System Access using LDAP policies.
- Manage permissions using Group Extraction.

1. Connect to the NetScaler HA Pair Configuration Utility using the NSMGMT SNIP at .
   Log on to the utility using the following credentials:
   - User Name: nsroot
   - Password: nsroot

2. Create system groups that correspond to the Groups in Active Directory. Group names are case-sensitive on the NetScaler.
   - Browse to System > User Administration > Groups.
   - Click Add.

3. Create System Group Training_NSAdmins with superuser permissions.
   - Enter Training_NSAdmins in the Group Name box.
   - Click Bind under Command Policies.
   - Select superuser to make it active and click Insert.
   - Click Create.

4. Create System Group Training_NSOperators with operator permissions.
   - Click Add to add a new system group.
   - Enter Training_NSOperators in the Group Name box.
   - Click Bind under Command Policies.
   - Select operator to make it active and click Insert.
   - Click Create.

5. Create an Authentication Action for external authentication using LDAP:
   - Browse to System > Authentication > Basic Policies.
   - Right-click and select Enable Feature.
   - Click LDAP.
   - Click the Servers tab.
   - Click Add.
   The Create Authentication LDAP Server (action) dialog box opens.
6. Configure the authentication LDAP action with the following settings:
   - Name: auth_ldap_srv
   - Select Server IP
   - IP Address: 172.21.10.103 (This is the VIP for lb_vsrv_ldap.)
   - Port: 389
   - Server Type: AD
   Connection Settings:
   - Base DN: dc=training,dc=lab
   - Administrator Bind DN: [email protected]
   - Administrator Password and Confirm Password: Password1
   - Click Test Connection
   Other Settings:
   - Server Logon Name Attribute: sAMAccountName
   - Group Attribute: memberOf
   - Sub Attribute Name: cn
   Click Create.

7. Create an Authentication Policy for LDAP authentication:
   - Click the Policies tab.
   - Click Add.
   - Enter auth_ldap_policy in the Name box.
   - Select auth_ldap_srv from the Server drop-down list.
   - Enter ns_true in the Expression box. (Authentication policies use classic policy expression syntax.)
   - Click Create.
   - Click OK on the warning.

8. Bind the policy to the system global object for system authentication:
   - Click Global Bindings.
   - Click Click to Select under Policy Binding.
   - Select auth_ldap_policy and click Select.
   - Click Bind.
   - Click Done.
   The LDAP policy is now bound to the System Global object. Access to management IP addresses on the NetScaler (NSIP and management-enabled SNIPs) will attempt to authenticate using the bound LDAP policy. However, system access will still fall through to local accounts if the authentication policy fails. (The superuser and other local accounts are still active.)

9. Save the NetScaler Configuration and confirm.
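
The group extraction set up in step 6 (Group Attribute memberOf, Sub Attribute Name cn) and the case-sensitive group names from step 2 can be modeled as below. This is an added Python example, not part of the original exercise and not NetScaler code; the OU=Groups container and the sample DNs are constructed, and treating an unmatched user as having no command policy is an assumption of the model.

```python
import re

# System groups from steps 3 and 4 with the command policy bound to each.
SYSTEM_GROUPS = {
    "Training_NSAdmins": "superuser",
    "Training_NSOperators": "operator",
}

def split_rdns(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escape with its character
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(dn[i])
        i += 1
    rdns.append("".join(current))
    return rdns

def extract_group_name(member_of_dn, sub_attribute="cn"):
    """Return the leading RDN's value if its type is sub_attribute, else None."""
    attr, sep, value = split_rdns(member_of_dn)[0].strip().partition("=")
    if not sep or attr.strip().lower() != sub_attribute.lower():
        return None
    # Undo "\," style escapes and ASCII hex pairs such as "\2C".
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)",
                  lambda m: chr(int(m.group(1), 16)) if len(m.group(1)) == 2
                  else m.group(1), value.strip())

def resolve_command_policies(member_of_values, system_groups=SYSTEM_GROUPS):
    """Map extracted names to command policies using an exact, case-sensitive match."""
    matched = {}
    for dn in member_of_values:
        name = extract_group_name(dn)
        if name in system_groups:
            matched[name] = system_groups[name]
    return matched

if __name__ == "__main__":
    # Constructed memberOf values; OU=Groups is an assumed container.
    print(resolve_command_policies(["CN=Training_NSAdmins,OU=Groups,DC=training,DC=lab"]))
    print(resolve_command_policies(["CN=training_nsadmins,OU=Groups,DC=training,DC=lab"]))
```

The second call returns an empty mapping: a directory group whose cn differs only in case from the system group name does not match, so no command policy is resolved for that user.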