When using the Citrix Netscalers, you can find yourself login in to the management gui a few times a week to do some sort of maintenance task or just to monitor whats going on.  I dont know about everyone else, but to me it is pretty annoying having to remember a different password for every appliance that I have running, so here is how to use LDAP to login to the management gui of the netscalers.


  1. Log in to thet NetScaler GUI with local Root credentials (preferably nsroot)
  2. Expand the “System” Folder and click on “Authentication”
  3. Click on the “Servers” tab and click the “Add” button
  4. Enter your Authentication server settings and Click “Create” then “Close”
  5. Now click on the “Policies” tab and click the “Add” button
  6. Enter a simple expression of “ns_true” (you must choose “Advanced Free-form” from the dropdown) and click”Create” then “Close”
  7. Right click your Newly created LDAP Authentication Policy and choose “Global Bindings”
  8. Click the “Insert Policy” button and from the drop down pick your LDAP authentication policy.
  9. Click OK and once you return to the Authentication Screen, you should see a green check mark under the column “Globally Bound?”

Now we have to let the NetScaler know whos going to be login in, and in order to do that we must create either a user account or a group, so lets create a group called “NetScaler-Admins”

  1. In “Active Directory Users and Computers” make sure that there is a group called “NetScaler-Admins”
  2. In the Netscaler gui, expand the “System” folder and pick “Groups”
  3. Click “Add” and type in a name for the group, the name must be exactly the same as the group in AD so we call this group “NetScaler-Admins”
  4. Assign the privileges that you want to give this group, in this case “superuser” and click the “Create” Button then the “Close” button
  5. Thats all there is to it, now have someone who is a member of the AD group “NetScaler-Admins” attempt to login to the NetScaler gui with their AD credentials, and it should let you right in

If you find that the login is not working, putty into the NetScaler and tail the /tmp/aaad.debug log, alot of times the issue is as simple as not being a member of the correct AD group, or our LDAP Policy/Server config not being setup correctly.

Also, these same procudures can be done for Individual user accounts as well, so if your user in ldap is jsmith, then create the user jsmith under the “Users” page instead (the password wont matter, just make it hard enough so no one will be able to guess it)

Facebook Twitter Email Linkedin Digg Delicious