Question
How can we configure a Citrix NetScaler for RAIDUS?
Answer
To configure a Citrix NetScaler you will need to have a configured an Passly RADIUS agent. Follow RADIUS Setup Docs, here.
- Navigate to NetScaler Gateway > Policies > Authentication > RADIUS.
- Select Server.
- Add a server, using the IP Address and Client secret you configured in Passly as the RADIUS client.
Note: We recommend that you change the Time-out (seconds) from 3 to 15. - Create a Policy for the Web Portal:
Name: Passly Citrix WebPortal
Server: (The server you created in the prior step)
Expression: REQ.HTTP.HEADER User-Agent NOTCONTAINS CitrixReceiver - Create a Policy for the Citrix Receiver.
Name: Passly Citrix Receiver
Server: The server you created
Expression: REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver - Select Primary Global Bindings from the Policy tab.
- Select Add Binding, and add both policies. Set the Receiver policy with Priority 90, and the WebPortal policy at 100.
- Make sure all changes are saved.
Note: If you do not want to bind the polices globally, you can map them on a virtual server-by-virtual server basis, by selecting the virtual server in question, and mapping up the authentication policies from the edit screen.
Test
Log in to your Access Gateway as normal, and test the RADIUS auth. Both of the following methods should work.
Username/Password -> Push -> Login
Username/(Password),(OTP) -> Login.