Results 1 to 4 of 4
  1. #1

    Default integrate nsroot with Radius

    Hi,

    Can we integrate nsroot with Radius or can we create another user and disable access for nsroot.

    can any one provide NetScaler appliance hardening checklist which includes best practices.

    Thanks

  2. #2

    Default

    I don't recall offhand if you can disable the nsroot account, but I personally would simply change the password to something more secure and leave it the account active rather than risk losing complete access should the secondary authentication mechanisms fail. What version of the code are you running? I'll assume 10.0.x.x based off one of your other posts. Here's a guide to setting up secondary authentication: http://support.citrix.com/proddocs/t...thncn-tsk.html

    The netscaler is already a hardened device, but there are some additional steps you could take. Here's an older blog post you can check out: http://blogs.citrix.com/2010/11/01/l...cing-hardened/
    Brian Welchel
    CTXSupport.com

  3. #3

    Default

    Dear Brian,

    Thnaks for your update.

    From this what we can say we cannot disable nsroot or either we cannot integrate nsroot with Radius.


    Quote Originally Posted by Brian View Post
    I don't recall offhand if you can disable the nsroot account, but I personally would simply change the password to something more secure and leave it the account active rather than risk losing complete access should the secondary authentication mechanisms fail. What version of the code are you running? I'll assume 10.0.x.x based off one of your other posts. Here's a guide to setting up secondary authentication: http://support.citrix.com/proddocs/t...thncn-tsk.html

    The netscaler is already a hardened device, but there are some additional steps you could take. Here's an older blog post you can check out: http://blogs.citrix.com/2010/11/01/l...cing-hardened/

  4. #4

    Default

    You can set rights on a RADIUS account to be the equivalent to nsroot through group permissions, but I wouldn't disable nsroot even if it was possible because you'd have no other way in if RADIUS authentication failed for some reason.
    Brian Welchel
    CTXSupport.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •