Situation: We upgraded our Citrix NetScalers to 10.5 and quickly realised that password changing was broken. Further to this, end users were simply getting the ambiguous ‘Incorrect user name or password’ message during the change: the password change screen would come up and allow them to enter their new password, but then simply quit out with ‘Incorrect user name or password’. The same message would appear when authenticating a user that was NOT a member of the allowed ‘Netscaler’ AD group.
Solution Password Change:
The screens vary from 10.1 to 10.5, but I have provided both screenshots just in case.
On 10.5 the ‘Allow password change’ option has seemingly ‘disappeared’.
Yet in the NetScaler 10.1 world the option is ever present.
The solution for 10.5, it turns out, is simply to enable SSL.
Solution Password Feedback:
Not only could we not change passwords (above), but when we attempted to change a password to one that didn’t meet the complexity requirements, or when a user who wasn’t a part of the AD authentication group attempted to access the NetScaler, they simply got ‘Incorrect user name or password’.
The solution on 10.5, it turns out, is simply to globally enable the AAA parameter ‘enable enhanced authentication feedback’.
This finally means that when we change our password via the NetScaler to a password that is not complex enough, or if we log in but are not a member of the Authentication policy group, we get the following correct responses from the NetScaler.
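
A check for both settings discussed above, as an added example that is not part of the original post: it reads the text of an ns.conf, flags LDAP actions that have password change enabled without SSL or TLS, and reports whether enhanced authentication feedback is on. The sample configuration is constructed; that ‘enable SSL’ corresponds to `-secType` on the LDAP action, and that a missing `-secType` means PLAINTEXT on this release, are assumptions.

```python
import shlex

# Constructed sample ns.conf lines; names and addresses are made up.
SAMPLE_NS_CONF = '''\
add authentication ldapAction ldap_plain -serverIP 192.0.2.10 -serverPort 389 -ldapBase "dc=example,dc=test" -passwdChange ENABLED
add authentication ldapAction ldap_ssl -serverIP 192.0.2.11 -serverPort 636 -ldapBase "dc=example,dc=test" -secType SSL -passwdChange ENABLED
add authentication ldapAction ldap_nochange -serverIP 192.0.2.12 -secType PLAINTEXT
set aaa parameter -enableEnhancedAuthFeedback YES
'''

ASSUMED_DEFAULT_SECTYPE = "PLAINTEXT"  # assumption: used when -secType is not in the file


def parse_opts(tokens):
    """Turn ['-key', 'value', ...] into {'key': 'value'} with lowercased keys."""
    opts = {}
    for key, value in zip(tokens, tokens[1:]):
        if key.startswith("-"):
            opts[key[1:].lower()] = value
    return opts


def audit(conf_text):
    """Return (findings, enhanced_feedback) for the text of an ns.conf."""
    actions, feedback = {}, False
    for line in conf_text.splitlines():
        tok = shlex.split(line)
        head = [t.lower() for t in tok[:3]]
        if head[1:] == ["authentication", "ldapaction"] and head[0] in ("add", "set") and len(tok) > 3:
            # Later "set" lines override options from the earlier "add" line.
            actions.setdefault(tok[3], {}).update(parse_opts(tok[4:]))
        elif head == ["set", "aaa", "parameter"]:
            value = parse_opts(tok[3:]).get("enableenhancedauthfeedback")
            if value is not None:
                feedback = value.upper() == "YES"
    findings = []
    for name, opts in actions.items():
        sec = opts.get("sectype", ASSUMED_DEFAULT_SECTYPE).upper()
        change = opts.get("passwdchange", "DISABLED").upper()
        if change == "ENABLED" and sec not in ("SSL", "TLS"):
            findings.append(f"{name}: passwdChange ENABLED but secType is {sec}")
    return findings, feedback


if __name__ == "__main__":
    problems, enhanced = audit(SAMPLE_NS_CONF)
    for p in problems:
        print("FINDING", p)
    print("enhanced authentication feedback:", "YES" if enhanced else "NO")
```

Enhanced feedback also tells an unauthenticated caller why a logon failed, so the script reports that setting instead of scoring it.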