100%(4)4 out of 4 people found this document helpful
This preview shows page 138 - 141 out of 198 pages.
10.Click Logoutto log off from the NetScaler Configuration Utility as nsroot. 11.Test the new administrator account - trainNSAdmin: Connect to the NetScaler HA Pair Configuration Utility using the NSMGMT SNIP at .168.10.103. Log on to the utility using the following credentials: User Name: trainNSAdminPassword: Password1 SelectOK to close the error window if any.
139 12.Test superuser permissions assigned from LDAP group extraction: Browse to System >Settings. Click Configure Advanced Features. Enable Global ServerLoad BalancingClick OK. Command is accepted. Click Saveto save the NetScaler configuration. Command is also accepted. 13.Click Logoutto log off from the current session as trainNSAdmin. Takeaways: Authentication policies bound to the system global bind point; control authentication is bound to management points. Group extraction is supported with LDAP and Radius external authentication With group extraction, only the groups need to be created on the NetScaler (corresponding to the group names in the remote directory service). Command policies can be bound to the AAA groups. Individual system users do not need to be created on the NetScaler. NetScaler system authentication supports single-factor or single-factor cascade only. If multiple policies are bound, they will be attempted in priority order. For system access, if no authentication policies match, the system will automatically fall back to local authentication. This results in the nsroot account and any other local system account always being valid for management access.
140 Exercise 7-3: Admin Partitions (GUI) Introduction:In this exercise, you will learn to create and administer Admin Partitions on the NetScaler. You will use the NetScaler Configuration Utility GUI to perform this exercise. Admin Partitions allow a NetScaler to be subdivided into separate configuration and administrative boundaries. Each partition can be assigned its own networking via VLANs, and each partition maintains a separate running and saved configuration. The NetScaler default partition will contain all configuration settings made in the course up until this exercise. During this exercise, two new partitions will be created which will contain independent settings from the default partition: features, modes, services, virtual servers, policies, and more. The nsroot account will have full administrative rights on the default partition and all Admin Partitions created. The nsroot account can switch between partitions in both the GUI and the CLI. Delegated administrators can be designated with partition-only rights on one or more partitions. These delegated partition administrators, upon connecting to the NetScaler GUI or CLI can only administer and see the partition or partitions on which they have permissions.