Home » 10.5

Tag: 10.5

Where is my Netscaler 10.5 password change option?

Situation: We upgraded to 10.5 for our Citrix Netscalers and quickly realised that password changing was broken. Further to this, the end users were simply getting the ambigious ‘Incorrect user name or password’ during change (the password change screen would come up and allow them to enter their new password but then simply quit out, with incorrect username and password) The same message would appear when authenticating a user that was NOT a member of the allowed ‘Netscaler’ AD group.

Solution Password Change:

These vary from 10.1 to 10.5 but I have provided both screenshots just incase.

On 10.5 the ‘Allow password change’ option has seemingly ‘disappeared’

Netscaler 10.5 with the no 'password change allowed'
Netscaler 10.5 with the no ‘password change allowed’

Yet in netscaler 10.1 world the option is ever present

Netscaler 10.1 with the allow password change option. Exactly where you would expect it to be in 10.5
Netscaler 10.1 with the allow password change option. Exactly where you would expect it to be in 10.5

The solution for 10.5 it turns out, is simply to enable SSL

Netscale 10.5 appears with password change option, but only when selecting SSL
Netscale 10.5 appears with password change option, but only when selecting SSL

Solution Password Feedback:

No only could we not change passwords (above) – when we attempted to change a password that didnt meet the complexity requirements or when a user attempted to access the Netscaler that wasnt a part of the AD authentication group – they simply got the ‘Incorrect user name or password’

Netscaler 10.5 incorrect username or password
Netscaler 10.5 incorrect username or password

The solution on 10.5 turns out that we simply need to globally enable the AAA parameter ‘enable enhanced authentication feedback’

Netscaler option 'Enable Enhanced Authentication feedback'
Netscaler option ‘Enable Enhanced Authentication feedback’

 

This finally means that when we change our password via the Netscaler to a password that is not complex enough or if we log in but are not a member of the Authentication policy group we get the following correct responses from the Netscaler.

Netscaler 10.5 complexity feedback working
Netscaler 10.5 complexity feedback working
Netscaler 10.5 couldnt find the user in the AD group and returns 'user not found'
Netscaler 10.5 couldnt find the user in the AD group and returns ‘user not found’