-
Install and configure the Citrix Gateway appliance
-
VPN configuration on a Citrix Gateway appliance
-
Integrate the Citrix Gateway plug-in with Citrix Workspace app
-
Maintaining and Monitoring the System
-
Integrate Citrix Gateway with Citrix products
-
Integrate Citrix Gateway with Citrix Virtual Apps and Desktops
-
Configure settings for your Citrix Endpoint Management Environment
-
Configure load balancing servers for Citrix Endpoint Management
-
Configure load balancing servers for Microsoft Exchange with Email Security Filtering
-
Configure Citrix Endpoint Management NetScaler Connector (XNC) ActiveSync Filtering
-
Allow Access from mobile devices with Citrix Mobile Productivity Apps
-
Configure domain and security token authentication for Citrix Endpoint Management
-
Configure client certificate or client certificate and domain authentication
-
-
Access Citrix Virtual Apps and Desktops resources with the Web Interface
-
Configuring Additional Web Interface Settings on Citrix Gateway
-
Configuring Access to Applications and Virtual Desktops in the Web Interface
-
Integrate Citrix Gateway with Citrix Virtual Apps and Desktops
-
Configuring Settings for Your Citrix Endpoint Management Environment
-
Configuring Load Balancing Servers for Citrix Endpoint Management
-
Configuring Load Balancing Servers for Microsoft Exchange with Email Security Filtering
-
Configuring Citrix Endpoint Management NetScaler Connector (XNC) ActiveSync Filtering
-
Allowing Access from Mobile Devices with Citrix Mobile Productivity Apps
-
Configuring Domain and Security Token Authentication for Citrix Endpoint Management
-
Configuring Client Certificate or Client Certificate and Domain Authentication
-
-
Citrix Gateway Enabled PCoIP Proxy Support for VMware Horizon View
-
Configure DTLS VPN virtual server using SSL VPN virtual server
-
Proxy Auto Configuration for Outbound Proxy support for Citrix Gateway
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已动态机器翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.
Este artigo foi traduzido automaticamente.
这篇文章已经过机器翻译.放弃
Translation failed!
Configuring RADIUS Group Extraction
You can configure RADIUS authorization by using a method called group extraction. Configuring group extraction allows you to administer users on your RADIUS server instead of adding them to Citrix Gateway.
You configure RADIUS authorization by using an authentication policy and configuring the group vendor identifier (ID), the group attribute type, the group prefix, and a group separator. When you configure the policy, you add an expression, and then bind the policy either globally or to a virtual server.
Configuring RADIUS on Windows Server 2003
If you are using Microsoft Internet Authentication Service (IAS) for RADIUS authorization on Windows Server 2003, during configuration of Citrix Gateway, you need to provide the following information:
- Vendor ID is the vendor-specific code that you entered in IAS.
- Type is the vendor-assigned attribute number.
- Attribute name is the type of attribute name that you defined in IAS. The default name is CTXSUserGroups=
If IAS is not installed on the RADIUS server, you can install it from Add or Remove Programs in Control Panel. For more information, see the Windows online Help.
To configure IAS, use the Microsoft Management Console (MMC) and install the snap-in for IAS. Follow the wizard, making sure you select the following settings:
- Select local computer.
- Select Remote Access Policies and create a custom policy.
- Select Windows-Groups for the policy.
- Select one of the following protocols:
- Microsoft Challenge-Handshake Authentication Protocol version 2 (MS-CHAP v2)
- Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP)
- Challenge-Handshake Authentication Protocol (CHAP)
- Unencrypted authentication (PAP, SPAP)
-
Select the Vendor-Specific Attribute.
The Vendor-Specific Attribute needs to match the users whom you defined in the group on the server with the users on Citrix Gateway. To meet this requirement, you send the Vendor-Specific Attributes to Citrix Gateway. Make sure you select RADIUS=Standard.
-
The RADIUS default is 0. Use this number for the vendor code.
-
The vendor-assigned attribute number is 0.
This is the assigned number for the User Group attribute. The attribute is in string format.
-
Select String for the Attribute format.
The Attribute value requires the attribute name and the groups.
For the Access Gateway, the attribute value is CTXSUserGroups=groupname. If two groups are defined, such as sales and finance, the attribute value is CTXSUserGroups=sales;finance. Separate each group with a semicolon.
- Remove all other entries in the Edit Dial-in Profile dialog box, leaving the one that says Vendor-Specific.
After you configure the Remote Access Policy in IAS, you configure RADIUS authentication and authorization on Citrix Gateway.
When configuring RADIUS authentication, use the settings that you configured on the IAS server.
Configuring RADIUS for Authentication on Windows Server 2008
On Windows Server 2008, you configure RADIUS authentication and authorization by using the Network Policy Server (NPS), which replaces Internet Authentication Service (IAS). You can use Server Manager and add NPS as a role to install NPS.
When you install NPS, select the Network Policy Service. After installation, you can configure RADIUS settings for your network by starting the NPS from Administrative Services on the Start menu. When you open the NPS, you add Citrix Gateway as a RADIUS client and then configure server groups.
When you configure the RADIUS client, make sure you select the following settings:
- For the vendor name, select RADIUS Standard.
- Make note of the shared secret because you will need to configure the same shared secret on Citrix Gateway.
For the RADIUS groups, you need the IP address or host name of the RADIUS server. Do not change the default settings.
After you configure the RADIUS client and groups, you then configure settings in the following two policies:
- Connection Request Policies where you configure the settings for the Citrix Gateway connection including the type of network server, the conditions for the network policy, and the settings for the policy.
- Network Policies where you configure the Extensible Authentication Protocol (EAP) authentication and the vendor-specific attributes.
When you configure the connection request policy, select Unspecified for the type of network server. You then configure your condition by selecting NAS Port Type as the condition and Virtual (VPN) as the value.
When you configure a network policy, you need to configure the following settings:
-
Select Remote Access Server (VPN Dial-up) as the type of network access server.
-
Select Encrypted Authentication (CHAP) and Unencrypted Authentication (PAP and SPAP) for the EAP.
-
Select RADIUS Standard for the Vendor-Specific Attribute.
The default attribute number is 26. This attribute is used for RADIUS authorization.
Citrix Gateway needs the vendor-specific attribute to match the users defined in the group on the server with those on Citrix Gateway. This is done by sending the vendor-specific attributes to the Citrix Gateway.
-
Select String for the attribute format.
The Attribute value requires the attribute name and the groups.
For Citrix Gateway, the attribute value is CTXSUserGroups= groupname. If two groups are defined, such as sales and finance, the attribute value is CTXSUserGroups=sales;finance. Separate each group with a semicolon.
-
The separator is that which you used on the NPS to separate groups, such as a semicolon, a colon, a space, or a period.
When you are finished configuring the remote access policy in IAS, you can configure RADIUS authentication and authorization on Citrix Gateway.
Share
Share
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select Do Not Agree to exit.