This article walks through the steps required to configure LDAPS + RADIUS authentication for XenMobile.
Terminology - Definition
- AD: Active Directory
- NSG VIP: NetScaler Gateway VIP
- VIP: Virtual IP
- LB VIP: NetScaler load balancer virtual IP
- MSSQL: MS SQL 2012 Server Edition
- Node: XMS cluster node
- NSG: NetScaler Gateway
- XMS: XenMobile Server
- FQDN: Fully Qualified Domain Name
- SHP: Self Help Portal
Disclaimer
The host names, domain names, user names and IP addresses in the screenshots are used for illustration purposes only. Please use the appropriate host name, user name and IP addresses from your environment.
Requirements
- A public SSL certificate for the XMS FQDN (Fully Qualified Domain Name) must be obtained.
- Public SSL certificate for the NetScaler Gateway
- An APNS (Apple Push Notification service) certificate must be obtained.
Go to https://xenmobiletools.citrix.com/APNSCertGateKeeper-1.0/csr/ to upload the CSR and get the APNS certificate.
- IP address requirements
IP address type | Purpose | IP address |
NSIP (NetScaler IP) | NetScaler management | |
SNIP (SubNet IP) | Back-end communication from NetScaler to internal servers | |
VIP (Virtual IP) | VIP1 - For MDM enrollment through NetScaler (DMZ or public IP). If we assign a DMZ IP, then we need to NAT the public IP to the DMZ IP. VIP2 - MAM LB VIP (DMZ IP). This is used for the load balancing vserver that balances the load across the XMS servers. NetScaler Gateway communicates with the XMS server through this MAM LB VIP. VIP3 - For NetScaler Gateway (DMZ or public IP). | |
XMS IP | IP address for the XMS server | |
- A hypervisor is needed to import the XMS virtual machine:
- XenServer
- VMware
- Microsoft Hyper-V
Steps to configure LDAPS + RADIUS-based authentication
1. Sign in to the XMS server via the browser and enter the username and password.
Example: https://
2. Go to Configure -> Settings and click LDAP.
3. Edit the LDAP configuration.
4. Enter 636 as the port for LDAPS communication and set Use Secure Connection to Yes.
Configuring NetScaler Gateway settings in XMS for Domain + security token authentication
1. Click Configure and click NetScaler Gateway.
2. Select the NetScaler Gateway and click Edit.
3. Select Domain and security token as the login type and click Save.
NetScaler configuration for XenMobile
1. Start the browser, enter the NetScaler management IP address and log in to the NetScaler GUI.
2. Click the Configuration tab, and click the XenMobile wizard on the left side.
3. Click Getting Started.
4. Select Access through Access Gateway and Load Balance Device Manager servers and click Next. Here we are going to configure a load balancing VIP, which is used for enrollment purposes, and a second NetScaler Gateway VIP for the secure delivery of applications from XMS through NetScaler.
5. Enter the IP address for the NetScaler Gateway.
If we deploy XMS in our internal network, users connecting from the Internet or a remote location need to connect through NetScaler Gateway. The XMS server is located on the internal network behind the firewall.
6. Refer to the Citrix article http://support.citrix.com/article/CTX109260 and import a public SSL certificate on NetScaler.
An SSL certificate is required on the NetScaler Gateway vserver for the client to establish a secure connection to the NetScaler Gateway.
7. Select the existing certificate.
8. Under Server Certificate, use the certificate uploaded to NetScaler in step 6.
Click Next.
9. Under Authentication Settings, enter your LDAP server details such as IP address, LDAPS port number 636 (standard LDAPS port), base DN (the location of the users in Active Directory), and the service account used for queries to the LDAP directory together with its password, as shown below.
Under Server Logon Name Attribute, enter sAMAccountName or userPrincipalName, as you prefer.
10. Here we need to add the load balancing FQDN for MAM. Enter the XMS server FQDN.
All access to the XMS server will pass through this MAM load balancing (LB) VIP.
Enter the IP address for the LB VIP (VIP2 from the IP address table above) and click Next.
11. Choose the server certificate for the MAM LB vserver. Since we use a wildcard certificate here, we select the same certificate we uploaded in step 6 above.
12. Click Add Server under XenMobile Servers. Here we add the XMS servers that are to be bound to the LB VIP.
13. Enter the IP address of the XMS server and click.
14. Click Next
15. Click Load Balance Device Manager Servers. Here we will configure the LB VIP, which is used for device enrollment. We will keep the same XMS server for this LB VIP.
16. Enter the IP address for load balancing MDM (VIP1).
17. Click Next, as the XMS server we added earlier appears, as shown below.
18. Click Finish.
19. Go to NetScaler Gateway -> Virtual Servers, select the virtual server on the right side and click Edit.
20. Click the ">" mark for "No CA Certificate".
21. Click the ">" symbol to select the CA certificate.
22. Select the CA certificate and click OK.
23. Click Bind
24. Click Finish
25. On NetScaler Gateway, go to Policies -> Session -> Session Profiles, select the profile whose name starts with "AC_OS" and click Edit.
26. Click the Advanced tab and client go to the bottom of the page.
27. Under Credential Index, choose the option Secondary.
28. Click OK.
NetScaler Gateway Authentication Configuration
1. On NetScaler Gateway, go to Policies -> Authentication -> LDAP and select the LDAP policy with the NS_TRUE expression on the right side.
2. Delete.
3. Set the expression REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver instead of NS_TRUE and click OK.
4. On NetScaler Gateway, go to Policies -> Authentication -> RADIUS and select Servers on the right side.
5. Enter the RADIUS server details such as name, IP address, RADIUS port and secret key, and click Create.
6. Go to Policies and click Add.
7. Enter the name of the policy and select the radius server from the drop-down in the server field.
Create the expression as REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver and click.
8. Select the Virtual Server and click Edit
9. Under Primary Authentication, click the LDAP policy.
10. Select the policy, click Unbind and click Close
11. Under Authentication, click the "+" symbol to add RADIUS authentication.
12. Select RADIUS as the authentication type.
13. Click Bind.
14. Select the RADIUS authentication policy you created previously and click Insert.
15. Click OK.
16. Let us now add LDAP as Secondary Authentication Policy. Click "+" icon under authentication.
17. Select LDAP from the drop-down.
18. Select Secondary
19. Click the ">" symbol to select the policy.
20. Select the LDAP policy and click OK.
21. Click Bind
22. Click Finish
23. Make sure that the policy we created above always has the highest priority in case you go ahead and add more policies for non-mobile users.
Please refer to the Citrix article http://support.citrix.com/article/CTX125364 for more information.
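
The following Python check is an added example, not part of the original guide or any Citrix tooling: it reads the saved NetScaler configuration and confirms that the LDAP action uses LDAPS on port 636, that RADIUS is evaluated first as primary and LDAP first as secondary, and that both use the CitrixReceiver expression from steps 3 and 7. The ns.conf excerpt is constructed, and all object names (ldap_xm, radius_mobile, nsg_vs and so on) and addresses are hypothetical.

```python
import shlex

# Constructed ns.conf excerpt: object names and addresses are hypothetical.
SAMPLE_CONF = """
add authentication ldapAction ldap_xm -serverIP 192.0.2.10 -serverPort 636 -ldapLoginName sAMAccountName -secType SSL
add authentication ldapPolicy ldap_mobile "REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver" ldap_xm
add authentication radiusAction radius_xm -serverIP 192.0.2.20 -serverPort 1812
add authentication radiusPolicy radius_mobile "REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver" radius_xm
add authentication ldapPolicy ldap_desktop ns_true ldap_xm
bind vpn vserver nsg_vs -policy radius_mobile -priority 100
bind vpn vserver nsg_vs -policy ldap_mobile -priority 100 -secondary
bind vpn vserver nsg_vs -policy ldap_desktop -priority 110
"""
MOBILE_RULE = "REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver"

def audit(conf):
    """Return findings; an empty list means the layout matches the guide."""
    actions, policies, binds, findings = {}, {}, [], []
    for line in conf.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["add", "authentication"] and tok[2].endswith("Action"):
            # Options after the object name come as "-key value" pairs.
            actions[tok[3]] = (tok[2], dict(zip(tok[4::2], tok[5::2])))
        elif tok[:2] == ["add", "authentication"] and tok[2].endswith("Policy"):
            policies[tok[3]] = {"kind": tok[2], "rule": tok[4]}
        elif tok[:3] == ["bind", "vpn", "vserver"]:
            binds.append({"policy": tok[tok.index("-policy") + 1],
                          "priority": int(tok[tok.index("-priority") + 1]),
                          "secondary": "-secondary" in tok})
    # The LDAP action must speak LDAPS: port 636 with SSL.
    for name, (kind, opts) in actions.items():
        if kind == "ldapAction" and (
                opts.get("-serverPort"), opts.get("-secType")) != ("636", "SSL"):
            findings.append(f"{name}: LDAP action is not LDAPS on port 636")
    # RADIUS must come first as primary and LDAP first as secondary;
    # the lowest priority number is evaluated first.
    for secondary, want in ((False, "radiusPolicy"), (True, "ldapPolicy")):
        bank = "secondary" if secondary else "primary"
        bound = sorted((b for b in binds if b["secondary"] == secondary),
                       key=lambda b: b["priority"])
        if not bound:
            findings.append(f"{bank}: no policy bound")
            continue
        first = policies.get(bound[0]["policy"], {})
        if first.get("kind") != want or first.get("rule") != MOBILE_RULE:
            findings.append(f"{bank}: first policy {bound[0]['policy']} "
                            f"is not the CitrixReceiver {want}")
    return findings
```

Calling audit() on the text of a saved configuration returns an empty list when the layout matches the steps above; a non-mobile policy bound with a lower priority number than the CitrixReceiver policy shows up as a finding.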