AAA-default settings changed with Citrix ADC (NetScaler) 13 built 41.20

A

Yesterday I upgraded to NetScaler 13 built 41.20. Everything worked fine. No problems. But out of a sudden, my Exchange deployment failed to authenticate (I did it following Julian Mooren’s outstanding deployment guide). I did some further investigation and found all my other AAA servers don’t authenticate, even though the outcome of authentication requests was positive. I always saw a message “Error: Not an privileged user”

Citrix changed AAA default settings


Authorization settings in NetScaler and Citrix ADC Versions up to 13 built 36.27

In versions up to 13 built 36.27, default authorization was set to allow (see screen shot)

Authorization settings from Citrix ADC 13 built 41.20

In general, I am fine with this. But it may break existing configurations. Don’t change it back to the old settings. Instead, create authorization policies.

Why is it OK to change settings?

To be honest, default authorization should not be set to allow. Good deployments (mine had been a bad one) will always authorize users and won’t go with default allow. Changing default to deny just follows Citrix best practices for NetScaler / Citrix ADC.

I don’t agree to changing defaults silently!


The solution to fix Citrix NetScaler ADC AAA

As mentioned above, the old defaults had been wrong. It was right, to change the defaults to deny. But we have to authorize users to connect. To do so, we have authorization policies.


add authorization policy auth_allow_all true ALLOW

This policy could get bound, either to a user, a group, or (not recommanded, but quick and dirty) a vServer.


I hope that helps by a little bit! I would like to see your feedback

About the author

Johannes Norz

Johannes Norz is a Citrix Certified Citrix Technology Advocate (CTA), Citrix Certified Instructor (CCI) and Citrix Certified Expert on Application Delivery and Security (CCE-AppDS).

He frequently works for Citrix international Consulting Services and several education centres all around the globe.

Johannes lives in Austria. He had been borne in Innsbruck, a small city (150.000 inhabitants) in the middle of the most beautiful Austrian mountains (https://www.youtube.com/watch?v=UvdF145Lf2I)

8 comments

Leave a Reply to Johannes Norz Cancel reply

By Johannes Norz

Recent Posts

Recent Comments