Purpose:
This post explains one method of validating authentication while using a Citrix NetScaler. I use this all the time when setting up Access Gateway but it could be used for any authentication purpose.
Symptom:
When setting up Access Gateway for the first time it can be tricky determining where your authentication is going wrong. NetScaler provides a laundry list of authentication options but I will just be testing LDAP lookup.
Resolution:
We can use the CLI to view the AAA log for a live view of the processing. SSH to the NetScaler IP (NSIP) and logon. Type "shell" and Enter. Once in the shell, type "cat /tmp/aaad.debug" and Enter.
Depending on traffic to your NetScaler, you may see a lot of messages or none at all. Either way, you will see live authentication information. This is invaluable to find out where in the process it is all going wrong or right. Below you'll see the user name is sagelike.com is authenticating via LDAP and three groups have been retrieved. The most important line is the last, where we see the accept being sent. At this point, the user has been successfully been authenticated and the process will move to the next step. For Access Gateway, this is typically using single sign-on to authenticate the user to Citrix Web Interface.
Cause:
An incorrect logon typically gives you very little feedback. This is the best method I have found to get more detailed information.
SageLike Post ID: SL0004
Applies to:
NetScaler 9.2
NetScaler 9.3
NetScaler 10.0
NetScaler 10.1
Maybe others
References:
CTX114999 - How to Troubleshoot Authentication with aaad.debug
A collection of articles focusing on virtualization, application delivery, and the digital workspace.
October 29, 2013
Subscribe to:
Posts (Atom)
Labels
4k
(1)
AAD
(1)
adc
(2)
AHV
(1)
appsense
(1)
Azure
(3)
bookclub
(2)
brian olsen
(58)
Calculator
(1)
chrome
(1)
citrix
(44)
Citrix ADC
(2)
craig jeske
(1)
cugc
(1)
CVAD
(2)
EDT
(1)
esx
(3)
feature
(17)
files
(1)
GameDVR
(1)
gtd
(2)
HDX Adaptive Transport
(1)
HDX Routing
(1)
horizon
(5)
hybrid workforce
(1)
hyper-v
(1)
IPSEC
(1)
IWA
(1)
Johnny Ma
(8)
josh espinoza
(1)
kindle
(1)
liquidware
(1)
loginvsi
(1)
LUN
(1)
mac
(2)
Machine Creation Services
(1)
MCS
(3)
microsoft
(7)
multiple monitors
(1)
netscaler
(6)
netscaler gateway
(1)
Nutanix
(1)
OGR
(1)
Okta
(1)
Optimal gateway routing
(1)
Physical Desktops
(2)
Powershell
(3)
Prism
(1)
provisioning
(2)
PVS
(1)
RDM
(1)
RDSH
(2)
receiver
(4)
registration refused
(1)
rene nelson
(1)
S2S VPN
(1)
sagelikeinfo
(2)
script
(1)
Security
(4)
Server VDI
(2)
sfw
(4)
sharefile
(1)
SSO
(1)
storefront
(2)
summit
(3)
synergy
(6)
theappfactory
(4)
Tunnel
(1)
vCenter
(2)
VDA
(4)
VDI
(3)
Virtual Apps
(1)
virtual apps desktops
(7)
Virtual Desktops
(2)
virtualization
(2)
vmware
(10)
VPN
(1)
wem
(1)
win10
(5)
windows
(5)
Windows 10
(4)
Windows 11
(2)
Windows server 2016
(3)
Windows Server 2019
(3)
Windows Server 2022
(2)
Windows Store
(1)
windows10
(5)
windows2008r2
(6)
windows7
(3)
windows8
(1)
workspace
(1)
wyse
(1)
xenapp
(14)
xendesktop
(15)
xenserver
(5)
zone
(1)
zones
(1)