aaaradiusparams¶
Configuration for RADIUS parameter resource.
Properties¶
(click to see Operations )
| Name | Data Type | Permissions | Description |
|---|---|---|---|
| serverip | <String> | Read-write | IP address of your RADIUS server.
Minimum length = 1 |
| serverport | <Integer> | Read-write | Port number on which the RADIUS server listens for connections.
Default value: 1812 Minimum value = 1 |
| authtimeout | <Double> | Read-write | Maximum number of seconds that the Citrix ADC waits for a response from the RADIUS server.
Default value: 3 Minimum value = 1 |
| radkey | <String> | Read-write | The key shared between the RADIUS server and clients.
Required for allowing the Citrix ADC to communicate with the RADIUS server. Minimum length = 1 |
| radnasip | <String> | Read-write | Send the Citrix ADC IP (NSIP) address to the RADIUS server as the Network Access Server IP (NASIP) part of the Radius protocol.
Possible values = ENABLED, DISABLED |
| radnasid | <String> | Read-write | Send the Network Access Server ID (NASID) for your Citrix ADC to the RADIUS server as the nasid part of the Radius protocol. |
| radvendorid | <Double> | Read-write | Vendor ID for RADIUS group extraction.
Minimum value = 1 |
| radattributetype | <Double> | Read-write | Attribute type for RADIUS group extraction.
Minimum value = 1 |
| radgroupsprefix | <String> | Read-write | Prefix string that precedes group names within a RADIUS attribute for RADIUS group extraction. |
| radgroupseparator | <String> | Read-write | Group separator string that delimits group names within a RADIUS attribute for RADIUS group extraction. |
| passencoding | <String> | Read-write | Enable password encoding in RADIUS packets that the Citrix ADC sends to the RADIUS server.
Default value: mschapv2 Possible values = pap, chap, mschapv1, mschapv2 |
| ipvendorid | <Double> | Read-write | Vendor ID attribute in the RADIUS response.
If the attribute is not vendor-encoded, it is set to 0. |
| ipattributetype | <Double> | Read-write | IP attribute type in the RADIUS response.
Minimum value = 1 |
| accounting | <String> | Read-write | Configure the RADIUS server state to accept or refuse accounting messages.
Possible values = ON, OFF |
| pwdvendorid | <Double> | Read-write | Vendor ID of the password in the RADIUS response. Used to extract the user password.
Minimum value = 1 |
| pwdattributetype | <Double> | Read-write | Attribute type of the Vendor ID in the RADIUS response.
Minimum value = 1 |
| defaultauthenticationgroup | <String> | Read-write | This is the default group that is chosen when the authentication succeeds in addition to extracted groups.
Maximum length = 64 |
| callingstationid | <String> | Read-write | Send Calling-Station-ID of the client to the RADIUS server. IP Address of the client is sent as its Calling-Station-ID.
Default value: DISABLED Possible values = ENABLED, DISABLED |
| authservretry | <Double> | Read-write | Number of retry by the Citrix ADC before getting response from the RADIUS server.
Default value: 3 Minimum value = 1 Maximum value = 10 |
| authentication | <String> | Read-write | Configure the RADIUS server state to accept or refuse authentication messages.
Default value: ON Possible values = ON, OFF |
| tunnelendpointclientip | <String> | Read-write | Send Tunnel Endpoint Client IP address to the RADIUS server.
Default value: DISABLED Possible values = ENABLED, DISABLED |
| groupauthname | <String> | Read-only | To associate AAA users with an AAA group, use the command
"bind AAA group ... -username ...". You can bind different policies to each AAA group. Use the command "bind AAA group ... -policy ...". |
| ipaddress | <String> | Read-only | IP Address. |
| builtin | <String[]> | Read-only | Indicates that a variable is a built-in (SYSTEM INTERNAL) type.
Possible values = MODIFIABLE, DELETABLE, IMMUTABLE, PARTITION_ALL |
| feature | <String> | Read-only | The feature to be checked while applying this config. |
Operations¶
(click to see Properties )
- UPDATE
- UNSET
- GET (ALL)
Some options that you can use for each operations:
Getting warnings in response: NITRO allows you to get warnings in an operation by specifying the 'warning' query parameter as 'yes'. For example, to get warnings while connecting to the NetScaler appliance, the URL is as follows:
http:// <netscaler-ip-address> /nitro/v1/config/login?warning=yes
If any, the warnings are displayed in the response payload with the HTTP code '209 X-NITRO-WARNING'.
Authenticated access for individual NITRO operations: NITRO allows you to logon to the NetScaler appliance to perform individual operations. You can use this option instead of creating a NITRO session (using the login object) and then using that session to perform all operations,
To do this, you must specify the username and password in the request header of the NITRO request as follows:
X-NITRO-USER: <username>
X-NITRO-PASS: <password>
Note: In such cases, make sure that the request header DOES not include the following:
Cookie:NITRO_AUTH_TOKEN= <tokenvalue>
Note:
Mandatory parameters are marked in red and placeholder content is marked in green
update¶
URL: http:// <netscaler-ip-address> /nitro/v1/config/aaaradiusparams
HTTP Method: PUT
Request Headers:
Cookie:NITRO_AUTH_TOKEN= <tokenvalue>
Content-Type:application/json
Request Payload:
{"aaaradiusparams":{
"serverip":<String_value>,
"serverport":<Integer_value>,
"authtimeout":<Double_value>,
<b> "radkey":<String_value>,
</b> "radnasip":<String_value>,
"radnasid":<String_value>,
"radvendorid":<Double_value>,
"radattributetype":<Double_value>,
"radgroupsprefix":<String_value>,
"radgroupseparator":<String_value>,
"passencoding":<String_value>,
"ipvendorid":<Double_value>,
"ipattributetype":<Double_value>,
"accounting":<String_value>,
"pwdvendorid":<Double_value>,
"pwdattributetype":<Double_value>,
"defaultauthenticationgroup":<String_value>,
"callingstationid":<String_value>,
"authservretry":<Double_value>,
"authentication":<String_value>,
"tunnelendpointclientip":<String_value>
}}
Response:
HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error
unset¶
URL: http:// <netscaler-ip-address> /nitro/v1/config/aaaradiusparams? action=unset
HTTP Method: POST
Request Headers:
Cookie:NITRO_AUTH_TOKEN= <tokenvalue>
Content-Type:application/json
Request Payload:
{"aaaradiusparams":{
"serverip":true,
"serverport":true,
"authtimeout":true,
"radnasip":true,
"radnasid":true,
"radvendorid":true,
"radattributetype":true,
"radgroupsprefix":true,
"radgroupseparator":true,
"passencoding":true,
"ipvendorid":true,
"ipattributetype":true,
"accounting":true,
"pwdvendorid":true,
"pwdattributetype":true,
"defaultauthenticationgroup":true,
"callingstationid":true,
"authservretry":true,
"authentication":true,
"tunnelendpointclientip":true
}}
Response:
HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error
get (all)¶
URL: http:// <netscaler-ip-address> /nitro/v1/config/aaaradiusparams
HTTP Method: GET
Request Headers:
Cookie:NITRO_AUTH_TOKEN= <tokenvalue>
Accept:application/json
Response:
HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error
Response Header:
Content-Type:application/json
Response Payload:
{ "aaaradiusparams": [ {
"serverip":<String_value>,
"serverport":<Integer_value>,
"radkey":<String_value>,
"groupauthname":<String_value>,
"authtimeout":<Double_value>,
"radnasip":<String_value>,
"radnasid":<String_value>,
"ipaddress":<String_value>,
"radvendorid":<Double_value>,
"radattributetype":<Double_value>,
"radgroupsprefix":<String_value>,
"radgroupseparator":<String_value>,
"passencoding":<String_value>,
"ipvendorid":<Double_value>,
"ipattributetype":<Double_value>,
"accounting":<String_value>,
"pwdvendorid":<Double_value>,
"pwdattributetype":<Double_value>,
"defaultauthenticationgroup":<String_value>,
"callingstationid":<String_value>,
"authservretry":<Double_value>,
"authentication":<String_value>,
"tunnelendpointclientip":<String_value>,
"builtin":<String[]_value>,
"feature":<String_value>
}]}