XenMobile 10: Configuring Local User Authentication


Summary

To date, the majority of XenMobile implementations use Active Directory for authentication and user groups. However, depending on your requirements, authentication via a "local" directory may be preferred. For example:

  • Third-party contractors who are issued AD credentials only out of necessity, an approach that should be avoided if possible
  • Retail or educational institutions, where devices are shared resources and are not dedicated to a single user
  • Rare occasions when users are authenticated via an unsupported directory (Novell eDirectory, for example)
  • Any other scenario where the use of an AD account is not the preferred option

In XenMobile 9.0 and earlier, local authentication was available for MDM implementations. XenMobile 10 builds on this by introducing support for local accounts in MAM and EMM modes.

Scope

While it is possible to deploy XM standalone with local accounts and without NetScaler, to benefit from features such as MVPN this document focuses on a deployment that includes NetScaler Gateway.

Limitations

  • Integration with XenApp or XenDesktop is not supported
  • In the absence of a credential, SSO via WorxWeb will not work out of the box. However, a common/known AD credential that is entered manually the first time WorxWeb (WW) accesses an internal web site can be cached. This is an optional MDX policy setting. See this eDoc for more information and refer to the "Enable web password caching" policy.

Configuration Phase 1 - Single user creation

Step 1 - Create a local user and group(s) in the XenMobile 10 management console

  • Select "Configure" -> "Settings" -> "Local Users and Groups"
  • Use the "Manage local groups" workflow to create groups in accordance with your requirements. These groups will be used to assign applications, actions and policies via delivery groups.
  • Close the "Manage local groups" window. Select "Add" to create a local user account and fill in the fields.

Step 2 - Create a corresponding user account on the NetScaler Gateway

  • From the NetScaler administration console, select "AAA Users" under the "User Management" subheading within the "NetScaler Gateway" page
  • Select "Add"
  • Enter the same username and password from step 1.3 above (case sensitive). Click "OK" to save.

Step 3 - Create a local authentication policy

  • Select "LOCAL" under the "Authentication" subheading of "Policies"
  • Select "Add"
  • Give the policy a name, enter ns_true in the expression box and click "Create"

Step 4 - Bind the local authentication policy to the XenMobile NetScaler Gateway vServer

Note: This step assumes that the XenMobile 10 NetScaler configuration wizard has been completed. The local authentication policy can be bound during the wizard, or it can be added at a later date (as in this example).

  • Select and "Edit" your XM10 vServer
  • Unbind all existing authentication policies

Note: for scenarios in which your XM gateway must support local and LDAP authentication policies simultaneously, see the Miscellaneous section at the end of this article.

  • Bind the local policy that you created in step 3

Step 5 - Check the NetScaler Gateway

  • Log on to the XenMobile management console
  • From the "Settings" menu in XMS, select "NetScaler Gateway"
  • Make sure the NetScaler Gateway FQDN that XenMobile users connect to is specified and that "Domain" authentication is selected

That's it! You should now be able to enroll with a local account ...

However, the above example describes how to add a single account. So the question is, how can you make this scalable? Hire an office temp to do this repetitive task over and over again? Probably not the most efficient use of anyone's time.

Therefore, the next two sections explain how to add user accounts in bulk to both the NetScaler and the XenMobile Server.

Configuration Phase 2 - Mass user creation

Step 1 - Create an import file

The file should look like the example shown here. In my example, I started from a CSV.

Remember to include any local groups you want to create. If a group does not exist, XMS creates it automatically. If the group already exists, the XenMobile server updates the group membership without creating duplicates. Custom attributes such as an e-mail address can be added as described later in this eDoc. The column headers in the image below are for illustration purposes. Please do not add column headers to your file. The first line should contain your first user.

Note: As described in the eDoc above, files must use a semicolon as a delimiter. In my example I used an Excel CSV file and updated the Advanced Regional Settings in Control Panel to use a semicolon as the "List separator".

Step 2 - Import the file from step 1 into the XenMobile management console

Depending on the number of records, this can take some time to complete. The console will not time out during this process, so leaving it running in the background is quite acceptable.

  • Navigate back to "Local Users and Groups" in the XenMobile management console
  • Select "Import"
  • Make sure that the "User" radio button is selected
  • Import the file

Step 4 - Create accounts in bulk on the NetScaler

Open the file from step 1 in Excel or your workbook editor of choice and perform the following tasks:

1. Copy the "username" column in its entirety.
2. Open a new workbook.
3. Paste the cells from step 1 into the second column of the new workbook.
4. Go back to the original file. Copy the "Password" column in its entirety.
5. Paste the passwords into the fourth column of the new workbook.
6. In the new workbook, type add aaa user in the first column. Copy this into the desired number of rows in the first column.
7. In the third column, type -password. Copy this into the desired number of rows in the third column.

The file should now look as follows:

  • Copy all of the text
  • Log on to the NetScaler with your SSH client of choice
  • At the prompt, paste the text from Step 8. The NetScaler creates the accounts.
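
The workbook steps above can also be scripted. The following is an added example, not part of the original post: it reads the semicolon-delimited import file and emits one `add aaa user <name> -password <password>` line per row, skipping rows that would not survive being pasted into the CLI unchanged. The column positions, the character allowlist and the sample data are assumptions.

```python
import csv
import re

# Assumptions (not from the article): username is column 0, password is
# column 1, further columns (groups etc.) are ignored; no header row.
USER_COL, PASS_COL = 0, 1

# Deliberately narrow allowlist. Spaces, quotes, a leading '-' and control
# characters could change how a pasted CLI line is parsed, so such rows are
# rejected here and left to be created by hand.
SAFE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._@-]*")


def build_commands(import_text):
    """Turn the semicolon-delimited import file into NetScaler CLI lines.

    Returns (commands, rejected); rejected holds (line_number, reason) and
    never echoes the password itself.
    """
    commands, rejected, seen = [], [], set()
    rows = csv.reader(import_text.splitlines(), delimiter=";",
                      quoting=csv.QUOTE_NONE)
    for lineno, row in enumerate(rows, 1):
        if not row:
            continue  # blank line
        if len(row) <= PASS_COL:
            rejected.append((lineno, "missing password column"))
            continue
        user, password = row[USER_COL], row[PASS_COL]
        if not SAFE.fullmatch(user) or not SAFE.fullmatch(password):
            rejected.append((lineno, "unsafe or empty username/password"))
        elif user in seen:  # usernames are case sensitive
            rejected.append((lineno, "duplicate username"))
        else:
            seen.add(user)
            commands.append(f"add aaa user {user} -password {password}")
    return commands, rejected


# Constructed sample input (user;password;group), not real accounts.
SAMPLE = "\n".join([
    "kiosk01;Tr1al.Pass-01;Retail",
    "kiosk02;Summer 2015;Retail",        # space in password
    "kiosk01;Other.Pass-02;Retail",      # duplicate username
    "temp03",                            # no password column
    "front desk;Pw.9;Retail",            # space would split the username
])

if __name__ == "__main__":
    cmds, bad = build_commands(SAMPLE)
    print("\n".join(cmds))
    for lineno, reason in bad:
        print(f"# line {lineno} skipped: {reason}")
```

The import file and the generated command list both hold passwords in clear text, so delete them once the accounts exist.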

Alternative configuration - Combining local user accounts with certificate-based authentication

Maintaining these local accounts in two different places may not be the desired approach for every organization. Alternatively, local accounts can be created on the XenMobile server and, by following Avinash's excellent blog (as described in step 2), the XenMobile Server can provide a certificate for gateway authentication. In this model no NetScaler local accounts need to be created, as WorxHome uses the certificate pushed from the XenMobile server for authentication.

Miscellaneous - Combining LOCAL and LDAP authentication on the same NetScaler Gateway vServer

Earlier in this blog, the configuration was suitable for an environment that uses only local authentication. For many installations, it may be desirable to serve local and LDAP users on a single XenMobile instance. For example, a retail organization may use XenMobile to provide e-mail and intranet access for office users, but use local accounts for communal demonstration devices in retail.

  • Open the NetScaler Gateway vServer properties screen
  • Click on the + in the authentication section
  • Bind your LDAP policy that was removed earlier in the article. Make sure it has a lower priority (higher number) than the "local" policy, which is already bound to the vServer. This ensures that authentication requests for local accounts are not sent to Active Directory. If AD authentication is required, the NetScaler checks its local database to ensure that a local account does not exist before the request is forwarded to AD. If this configuration is used, it is important to name your local accounts accordingly so that they do not conflict with accounts in AD.

Note: to verify the priority of the local policy, select the binding and look under the "Priority" column.

Thank you to everyone who made it this far. This is my first Citrix blog, so if you want me to expand on anything described above, leave a comment below!
