Posts tagged LDAP
When using Citrix NetScalers, you can find yourself logging in to the management GUI a few times a week to do some sort of maintenance task or just to monitor what’s going on. I don’t know about everyone else, but to me it is pretty annoying having to remember a different password for every appliance that I have running, so here is how to use LDAP to log in to the management GUI of the NetScalers.
- Log in to the NetScaler GUI with local root credentials (preferably nsroot)
- Expand the “System” Folder and click on “Authentication”
- Click on the “Servers” tab and click the “Add” button
- Enter your Authentication server settings and Click “Create” then “Close”
- Now click on the “Policies” tab and click the “Add” button
- Enter a simple expression of “ns_true” (you must choose “Advanced Free-form” from the dropdown) and click “Create” then “Close”
- Right click your newly created LDAP authentication policy and choose “Global Bindings”
- Click the “Insert Policy” button and from the drop down pick your LDAP authentication policy.
- Click OK and once you return to the Authentication Screen, you should see a green check mark under the column “Globally Bound?”
Now we have to let the NetScaler know who’s going to be logging in, and in order to do that we must create either a user account or a group, so let’s create a group called “NetScaler-Admins”
- In “Active Directory Users and Computers” make sure that there is a group called “NetScaler-Admins”
- In the NetScaler GUI, expand the “System” folder and pick “Groups”
- Click “Add” and type in a name for the group. The name must be exactly the same as the group in AD, so we call this group “NetScaler-Admins”
- Assign the privileges that you want to give this group, in this case “superuser” and click the “Create” Button then the “Close” button
- That’s all there is to it. Now have someone who is a member of the AD group “NetScaler-Admins” attempt to log in to the NetScaler GUI with their AD credentials, and it should let them right in
If you find that the login is not working, PuTTY into the NetScaler and tail the /tmp/aaad.debug log. A lot of the time the issue is as simple as not being a member of the correct AD group, or the LDAP policy/server config not being set up correctly.
Also, these same procedures can be done for individual user accounts as well, so if your user in LDAP is jsmith, then create the user jsmith under the “Users” page instead (the password won’t matter, just make it hard enough so no one will be able to guess it).
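The GUI steps above expressed as NetScaler CLI commands, as an added example that is not part of the original post. The server IP, base DN, bind account, password placeholder and the object names ldap_srv and ldap_pol are assumptions, as is the choice of LDAPS on port 636.

```netscaler
# Added example: every value below is a placeholder, not taken from the post.

# "Servers" tab: define the LDAP server.
# -groupAttrName/-subAttributeName make the appliance extract the CN of each
# memberOf entry, which is what gets matched against the local group name.
add authentication ldapAction ldap_srv -serverIP 192.0.2.10 -serverPort 636 -secType SSL -ldapBase "DC=mycompany,DC=local" -ldapBindDn "svc-netscaler@mycompany.local" -ldapBindDnPassword <bind-password> -ldapLoginName sAMAccountName -groupAttrName memberOf -subAttributeName cn

# "Policies" tab: policy with the ns_true expression, pointing at that server.
add authentication ldapPolicy ldap_pol ns_true ldap_srv

# "Global Bindings": apply the policy to management logins.
bind system global ldap_pol -priority 100

# "Groups": local group whose name matches the AD group exactly,
# bound to the built-in superuser command policy.
add system group NetScaler-Admins
bind system group NetScaler-Admins -policyName superuser 100

# Confirm the global binding and the group's command policy.
show system global
show system group NetScaler-Admins
```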
Thought I’d share how to use Crystal Reports to query AD. Not only can you query AD, but you can combine it with SQL to write some nifty little reports.
Here are the steps:
- Create a Blank Report
- When prompted to create a connection, choose OLE DB (ADO)
- Select OLE DB Provider for Microsoft Directory Services
- Under Data Source, enter “LDAP://domain.com/OU=SOMEOU” and check “Integrated Security”
Domain = the domain for your company (mycompany.com, mycompany.local, whatever)
OU = the OU you want to start in. I like to use it because it makes queries faster, so usually “Users” or “Computers”, depending on what you are looking up
Integrated Security = Why integrated? Crystal ONLY supports DB logins, which means Crystal will only prompt for and save DB passwords. For LDAP passwords it won’t; it actually leaves the password blank, so the report will work the first time, but if you try to run it again it won’t work, and you will end up locking your AD account
- Under Advanced Information just leave it as-is
- Now the connection comes up, but there are no tables. You have to create a custom command, so double click “Add Command”
- Add the query command to the window that pops up. Almost all LDAP fields are queryable
- Once you hit OK, the command will appear as a table called “command”. (You can rename this to whatever you want)
From this point on, you just hit OK, and all the fields that were selected in the command window will show up in Crystal, and you can use them to write your report.
I hope this helps someone, please feel free to leave a comment if you like.