ADC CLI Commands

authentication-negotiateAction

The following operations can be performed on “authentication-negotiateAction”:

set add rm unset show

set authentication negotiateAction

Configures an AD KDC server profile (negotiate action).

Synopsis

set authentication negotiateAction <name> [-domain ] [-domainUser ] [-domainUserPasswd ] [-defaultAuthenticationGroup ] [-keytab ] [-NTLMPath ]

Arguments

name Name of the AD KDC server profile.

domain Domain name of the service principal that represents Citrix ADC.

domainUser User name of the account that is mapped to the Citrix ADC principal. This can be given along with the domain and password when a keytab file is not available. If a user name is given along with a keytab file, that keytab file is searched for this user’s credentials.

domainUserPasswd Password of the account that is mapped to the Citrix ADC principal.

defaultAuthenticationGroup This is the default group that is chosen when the authentication succeeds in addition to extracted groups.

keytab The path to the keytab file that is used to decrypt Kerberos tickets presented to Citrix ADC. If a keytab is not available, domain/username/password can be specified in the negotiate action configuration.

NTLMPath The path to the site that is enabled for NTLM authentication, including the FQDN of the server. This is used when clients fall back to NTLM.

add authentication negotiateAction

Creates an action (profile) for an Active Directory (AD) server that is used as a Kerberos Key Distribution Center (KDC). The profile contains all configuration data necessary to communicate with that AD KDC server.

Synopsis

add authentication negotiateAction <name> {-domain } {-domainUser } {-domainUserPasswd } [-defaultAuthenticationGroup ] [-keytab ] [-NTLMPath ]

Arguments

name Name for the AD KDC server profile (negotiate action). Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.), pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the AD KDC server profile is created.

The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my authentication action" or 'my authentication action').

domain Domain name of the service principal that represents Citrix ADC.

domainUser User name of the account that is mapped to the Citrix ADC principal. This can be given along with the domain and password when a keytab file is not available. If a user name is given along with a keytab file, that keytab file is searched for this user’s credentials.

domainUserPasswd Password of the account that is mapped to the Citrix ADC principal.

defaultAuthenticationGroup This is the default group that is chosen when the authentication succeeds in addition to extracted groups.

keytab The path to the keytab file that is used to decrypt Kerberos tickets presented to Citrix ADC. If a keytab is not available, domain/username/password can be specified in the negotiate action configuration.

NTLMPath The path to the site that is enabled for NTLM authentication, including the FQDN of the server. This is used when clients fall back to NTLM.
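
A review aid for the arguments above, added here as an example and not part of the Citrix documentation: it parses saved "add authentication negotiateAction" lines, applies the documented name rule and quoting, and reports whether each profile relies on a keytab or on domain/user/password and whether NTLM fallback is configured. The sample lines, profile names, keytab path, host name and password value are constructed placeholders.

```python
import re
import shlex

# "add" name rule: letter, number or _ first; then also - . # space @ = :
NAME_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.#@=: -]*$")
OPTIONS = {"-domain", "-domainUser", "-domainUserPasswd",
           "-defaultAuthenticationGroup", "-keytab", "-NTLMPath"}
# Constructed sample lines: every name, path, host and value is a placeholder.
SAMPLE = [
    "add authentication negotiateAction krb_kt -domain EXAMPLE.COM "
    "-domainUser svc_adc -keytab /nsconfig/krb/adc.keytab",
    "add authentication negotiateAction 'my authentication action' "
    "-domain EXAMPLE.COM -domainUser svc_adc -domainUserPasswd PLACEHOLDER "
    "-NTLMPath https://ntlm.example.com/auth",
    "add authentication negotiateAction bad!name -domain EXAMPLE.COM",
]


def parse_negotiate_action(line):
    """Parse one 'add authentication negotiateAction' line; None if not one."""
    tokens = shlex.split(line)  # honours single- and double-quoted names
    if len(tokens) < 4 or tokens[:3] != ["add", "authentication", "negotiateAction"]:
        return None
    profile, i = {"name": tokens[3], "unknown": []}, 4
    while i < len(tokens):
        if tokens[i] in OPTIONS and i + 1 < len(tokens):
            profile[tokens[i].lstrip("-")] = tokens[i + 1]
            i += 2
        else:
            profile["unknown"].append(tokens[i])
            i += 1
    return profile


def review(profile):
    """Return review notes built only from the documented arguments."""
    notes = []
    if not NAME_RE.match(profile["name"]):
        notes.append("name violates the documented character rules")
    if "keytab" in profile:
        notes.append("credential source: keytab " + profile["keytab"])
    elif {"domain", "domainUser", "domainUserPasswd"}.issubset(profile):
        notes.append("credential source: domain/user/password (no keytab)")
    else:
        notes.append("no complete credential source")
    if "NTLMPath" in profile:
        notes.append("NTLM fallback enabled via " + profile["NTLMPath"])
    if profile["unknown"]:
        notes.append("unrecognised tokens: " + " ".join(profile["unknown"]))
    return notes
```

Tokens that are not among the six documented options are collected under "unknown" rather than dropped, so anything else present on a saved line stays visible in the review.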

rm authentication negotiateAction

Removes an AD KDC server profile (negotiate action). An action cannot be removed if it is bound to a policy.

Synopsis

rm authentication negotiateAction <name>

Arguments

name Name of the AD KDC server profile to be removed.

unset authentication negotiateAction

Use this command to remove authentication negotiateAction settings. Refer to the set authentication negotiateAction command for the meanings of the arguments.

Synopsis

unset authentication negotiateAction <name> [-domain] [-domainUser] [-domainUserPasswd] [-defaultAuthenticationGroup] [-NTLMPath]

show authentication negotiateAction

Displays the current configuration settings for the specified AD KDC server profile (negotiate action).

Synopsis

show authentication negotiateAction [<name>]

Arguments

name Name of the AD KDC server profile.

Output

domain Domain name of the service principal that represents Citrix ADC.

domainUser User name of the account that is mapped to the Citrix ADC principal. This can be given along with the domain and password when a keytab file is not available. If a user name is given along with a keytab file, that keytab file is searched for this user’s credentials.

domainUserPasswd Password of the account that is mapped to the Citrix ADC principal.

OU Active Directory organizational units (OU) attribute.

defaultAuthenticationGroup This is the default group that is chosen when the authentication succeeds in addition to extracted groups.

keytab The path to the keytab file that is used to decrypt Kerberos tickets presented to Citrix ADC. If a keytab is not available, domain/username/password can be specified in the negotiate action configuration.

kcdSPN Host SPN extracted from keytab file.

NTLMPath The path to the site that is enabled for NTLM authentication, including the FQDN of the server. This is used when clients fall back to NTLM.

stateflag devno count
