NetScaler Configuration [CTX-RADIUS]

It is assumed that the Citrix NetScaler is setup and operational. An existing Domain user can authenticate using a Domain AD password and access applications, your users can access through SSL using Domain accounts. 

Register DualShield Radius Server

1. Log into the Citrix NetScaler administration console, navigate to NetScaler Gateway | Policies | Authentication | Radius, select the “Servers” tab
2. Click “Add” button on the bottom
   
   
   
   
3. Enter the details of your DualShield Radius server as highlighted above
4. Click ”Create” 

Create RADIUS Authentication Policies;

For web browsers

1. Log into the Citrix NetScaler administration console, navigate to NetScaler Gateway | Policies | Authentication | Radius, select the “Policies” tab
2. Click the “Add” button on the bottom
3. Select newly create the Radius server, e.g. “DualShield-Radius”
4. Create an “ns_true” expression
5. Click “Create” 

If you get the following error:

Ignore and click ok, for now.  The expressions were working at the of time updating this documentation after testing Netscaler ADC VPX v13.0, however for future releases these may not work and we will update this wiki guide with the advanced expression.

For Citrix Reciever

To support Citrix Receiver running on mobile devices, the following configuration steps are required. This will allow the NetScaler to detect the incoming request is from the Citrix receiver by checking the Host Header.

1. Log into the Citrix NetScaler administration console, navigate to NetScaler Gateway | Policies | Authentication | Radius, select the “Policies” tab
2. Click the “Add” button on the bottom
3. Select newly create the Radius server, e.g. “DualShield-Radius”
4. Create the following expression:
   REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver
5. Click “Create”

Create LDAP Authentication Policies;

For web browsers

1. Log into the Citrix NetScaler administration console, navigate to NetScaler Gateway | Policies | Authentication | LDAP, select the “Polices” tab
2. Click the “Add” button on the bottom
3. Select the LDAP Server, e.g. “Deepnetqa” (Create server if you don’t have one.  You can follow this guide: https://www.carlstalhood.com/netscaler-gateway-12-ldap-authentication/ )
4. Add the following expression: ns_true
5. Click "Create"

For Citrix Reciever

1. Log into the Citrix NetScaler administration console, navigate to NetScaler Gateway | Policies | Authentication | LDAP, select the “Polices” tab
2. Click the “Add” button on the bottom
3. Select the LDAP Server, e.g. “Deepnetqa” (Create server if you don’t have one)
4. Create use the following expression:
   REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver
5. Click "Create"
   
   

Related Articles

• MFA for VPN