
[NETSCALER] Securing Access to NSIP Management

Configuring LDAPS Authentication for NetScaler Administration

Creating the LDAP Action

add authentication ldapAction ldap_action_auth_nsip -serverIP 169.254.0.1 -serverPort 636 -ldapBase "DC=test,DC=local" -ldapBindDn svc_vpx_ldap@test.local -ldapBindDnPassword password_du_compte_de_service -ldapLoginName sAMAccountName -searchFilter "memberOf=CN=grp_netscaler_admin,OU=Citrix Groups,OU=CITRIX,DC=test,DC=local" -groupAttrName memberOf -subAttributeName cn -secType SSL -passwdChange ENABLED 

 


add system user adminmax 529b6106d73c77befa5c39cfb5226d453a28a6cda472010ff88cf70eaf750d9e4f1a63dabc274fa38bd7afa95f327c9a3bc1349a136dcc1caa909fc5cdc01d8db -encrypted -timeout 900 -maxsession 20
add system group grp_netscaler_admin
add lb monitor ldaps-test LDAP -scriptName nsldap.pl -dispatcherIP 127.0.0.1 -dispatcherPort 3013 -password 3a43f32ef669e3ba4959458119e0897b51da88b64fe5472d6c5f9e0124d5aff2 -encrypted -encryptmethod ENCMTHD_3 -kek -suffix 2024_12_02_14_20_53 -LRTM DISABLED -secure YES -baseDN "CN=svc_vpx_ldap,OU=Services,OU=Accounts,OU=CITRIX,DC=test,DC=local" -bindDN svc_vpx_ldap@test.local

add authentication ldapAction AUTHSERVER_LDAP_ADMIN -serverIP 169.254.0.1 -serverPort 636 -ldapBase "DC=test,DC=local" -ldapBindDn svc_vpx_ldap@test.local -ldapBindDnPassword 040378238d83dd8e37ec8291009a305a43e5bcaa82ea2d165159f94c74ffcb35 -encrypted -encryptmethod ENCMTHD_3 -kek -suffix 2024_12_02_14_20_53 -ldapLoginName sAMAccountName -searchFilter "memberOf=CN=grp_netscaler_admin,OU=Citrix Groups,OU=CITRIX,DC=test,DC=local" -groupAttrName memberOf -subAttributeName cn -secType SSL -passwdChange ENABLED

add lb vserver lb-virtual-server-ldaps-test SSL_TCP 169.254.0.1 636 -persistenceType NONE -cltTimeout 9000

bind lb vserver lb-virtual-server-ldaps-test service-group-ldaps-test

bind serviceGroup service-group-ldaps-test AD01 636
bind serviceGroup service-group-ldaps-test -monitorName ldaps-test

bind system user adminmax superuser 100
bind system group grp_netscaler_admin -policyName superuser 100

bind system global AUTHPOL_LDAP_ADMIN -priority 100 -gotoPriorityExpression NEXT
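
The commands above set `-secType SSL` and a group-restricted `-searchFilter`. The following added example (not part of the original article) is a small Python check that reads `add authentication ldapAction` lines from a saved configuration and reports actions missing those protections. It also checks `-validateServerCert` and `-ldapHostname`, two `ldapAction` options the article does not use; the sample configuration, the `ldap_weak` action and the function names are constructed for this illustration.

```python
import shlex

# Constructed sample in ns.conf syntax. Names reuse the page's; the ldap_weak
# action, the passwords and the -ldapHostname value are made up for the demo.
SAMPLE_CONF = '''
add authentication ldapAction ldap_ok -serverIP 169.254.0.1 -serverPort 636 -ldapBase "DC=test,DC=local" -ldapBindDn svc_vpx_ldap@test.local -ldapBindDnPassword 00ff -encrypted -ldapLoginName sAMAccountName -searchFilter "memberOf=CN=grp_netscaler_admin,OU=Citrix Groups,OU=CITRIX,DC=test,DC=local" -groupAttrName memberOf -subAttributeName cn -secType SSL -validateServerCert YES -ldapHostname ad01.test.local
add authentication ldapAction ldap_weak -serverIP 169.254.0.1 -serverPort 389 -ldapBase "DC=test,DC=local" -ldapBindDn svc_vpx_ldap@test.local -ldapBindDnPassword Example123 -ldapLoginName sAMAccountName -groupAttrName memberOf -subAttributeName cn
add system group grp_netscaler_admin
'''

def parse_options(tokens):
    """Map ['-secType', 'SSL', '-encrypted'] to {'secType': 'SSL', 'encrypted': True}."""
    opts, i = {}, 0
    while i < len(tokens):
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
        opts[tokens[i].lstrip("-")] = tokens[i + 1] if has_value else True
        i += 2 if has_value else 1
    return opts

def audit_ldap_actions(conf_text):
    """Return {action name: [findings]} for each 'add authentication ldapAction' line."""
    report = {}
    for line in conf_text.splitlines():
        tokens = shlex.split(line)
        if tokens[:3] != ["add", "authentication", "ldapAction"] or len(tokens) < 4:
            continue
        opts, findings = parse_options(tokens[4:]), []
        if opts.get("secType") not in ("SSL", "TLS"):
            findings.append("-secType SSL or TLS is not set explicitly")
        if opts.get("validateServerCert") != "YES":
            findings.append("-validateServerCert YES not set: server certificate unchecked")
        elif "ldapHostname" not in opts:
            findings.append("-ldapHostname missing: needed to match the certificate name")
        if "searchFilter" not in opts:
            findings.append("no -searchFilter limiting logons to an admin group")
        if "ldapBindDnPassword" in opts and "encrypted" not in opts:
            findings.append("-ldapBindDnPassword without -encrypted: clear text in the file")
        report[tokens[3]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_ldap_actions(SAMPLE_CONF).items():
        print(name, "OK" if not findings else findings)
```

Run against an action shaped like `AUTHSERVER_LDAP_ADMIN` above, the only finding is the missing `-validateServerCert YES`.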


Configure LDAP authentication on the NetScaler appliance for manage_ – [docs.netscaler.com]

How to secure management access to NetScaler and create unique certificates in a highly available setup
