authentication-negotiateAction¶
The following operations can be performed on "authentication-negotiateAction":
set authentication negotiateAction¶
Configures an AD KDC server profile (negotiate action).
Synopsis¶
set authentication negotiateAction
Arguments¶
name Name of the AD KDC server profile.
domain Domain name of the service principal that represnts Citrix ADC.
domainUser User name of the account that is mapped with Citrix ADC principal. This can be given along with domain and password when keytab file is not available. If username is given along with keytab file, then that keytab file will be searched for this user's credentials.
domainUserPasswd Password of the account that is mapped to the Citrix ADC principal.
defaultAuthenticationGroup This is the default group that is chosen when the authentication succeeds in addition to extracted groups.
keytab The path to the keytab file that is used to decrypt kerberos tickets presented to Citrix ADC. If keytab is not available, domain/username/password can be specified in the negotiate action configuration
NTLMPath The path to the site that is enabled for NTLM authentication, including FQDN of the server. This is used when clients fallback to NTLM.
add authentication negotiateAction¶
Creates an action (profile) for an Active Directory (AD) server that is used as a Kerberos Key Distribution Center (KDC). The profile contains all configuration data necessary to communicate with that AD KDC server.
Synopsis¶
add authentication negotiateAction
Arguments¶
name Name for the AD KDC server profile (negotiate action). Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after AD KDC server profile is created.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my authentication action" or 'my authentication action').
domain Domain name of the service principal that represnts Citrix ADC.
domainUser User name of the account that is mapped with Citrix ADC principal. This can be given along with domain and password when keytab file is not available. If username is given along with keytab file, then that keytab file will be searched for this user's credentials.
domainUserPasswd Password of the account that is mapped to the Citrix ADC principal.
defaultAuthenticationGroup This is the default group that is chosen when the authentication succeeds in addition to extracted groups.
keytab The path to the keytab file that is used to decrypt kerberos tickets presented to Citrix ADC. If keytab is not available, domain/username/password can be specified in the negotiate action configuration
NTLMPath The path to the site that is enabled for NTLM authentication, including FQDN of the server. This is used when clients fallback to NTLM.
rm authentication negotiateAction¶
Removes an AD KDC server profile (negotiate action). An action cannot be removed if it is bound to a policy.
Synopsis¶
rm authentication negotiateAction
Arguments¶
name Name of the AD KDC server profile to be removed.
unset authentication negotiateAction¶
Use this command to remove authentication negotiateAction settings.Refer to the set authentication negotiateAction command for meanings of the arguments.
Synopsis¶
unset authentication negotiateAction
show authentication negotiateAction¶
Displays the current configuration settings for the specified AD KDC server profile (negotiate action).
Synopsis¶
show authentication negotiateAction [
Arguments¶
name Name of the AD KDC server profile.
Output¶
domain Domain name of the service principal that represnts Citrix ADC.
domainUser User name of the account that is mapped with Citrix ADC principal. This can be given along with domain and password when keytab file is not available. If username is given along with keytab file, then that keytab file will be searched for this user's credentials.
domainUserPasswd Password of the account that is mapped to the Citrix ADC principal.
OU Active Directory organizational units (OU) attribute.
defaultAuthenticationGroup This is the default group that is chosen when the authentication succeeds in addition to extracted groups.
keytab The path to the keytab file that is used to decrypt kerberos tickets presented to Citrix ADC. If keytab is not available, domain/username/password can be specified in the negotiate action configuration
kcdSPN Host SPN extracted from keytab file.
NTLMPath The path to the site that is enabled for NTLM authentication, including FQDN of the server. This is used when clients fallback to NTLM.
stateflag devno count