ADC NITRO APIs

aaaradiusparams

Configuration for RADIUS parameter resource.

Properties

(click to see Operations )

Name Data Type Permissions Description
serverip Read-write IP address of your RADIUS server.

Minimum length = 1
serverport Read-write Port number on which the RADIUS server listens for connections.

Default value: 1812

Minimum value = 1
authtimeout Read-write Maximum number of seconds that the Citrix ADC waits for a response from the RADIUS server.

Default value: 3

Minimum value = 1
radkey Read-write The key shared between the RADIUS server and clients.

Required for allowing the Citrix ADC to communicate with the RADIUS server.

Minimum length = 1
radnasip Read-write Send the Citrix ADC IP (NSIP) address to the RADIUS server as the Network Access Server IP (NASIP) part of the Radius protocol.

Possible values = ENABLED, DISABLED
radnasid Read-write Send the Network Access Server ID (NASID) for your Citrix ADC to the RADIUS server as the nasid part of the Radius protocol.
radvendorid Read-write Vendor ID for RADIUS group extraction.

Minimum value = 1
radattributetype Read-write Attribute type for RADIUS group extraction.

Minimum value = 1
radgroupsprefix Read-write Prefix string that precedes group names within a RADIUS attribute for RADIUS group extraction.
radgroupseparator Read-write Group separator string that delimits group names within a RADIUS attribute for RADIUS group extraction.
passencoding Read-write Enable password encoding in RADIUS packets that the Citrix ADC sends to the RADIUS server.

Default value: mschapv2

Possible values = pap, chap, mschapv1, mschapv2
ipvendorid Read-write Vendor ID attribute in the RADIUS response.

If the attribute is not vendor-encoded, it is set to 0.
ipattributetype Read-write IP attribute type in the RADIUS response.

Minimum value = 1
accounting Read-write Configure the RADIUS server state to accept or refuse accounting messages.

Possible values = ON, OFF
pwdvendorid Read-write Vendor ID of the password in the RADIUS response. Used to extract the user password.

Minimum value = 1
pwdattributetype Read-write Attribute type of the Vendor ID in the RADIUS response.

Minimum value = 1
defaultauthenticationgroup Read-write This is the default group that is chosen when the authentication succeeds in addition to extracted groups.

Maximum length = 64
callingstationid Read-write Send Calling-Station-ID of the client to the RADIUS server. IP Address of the client is sent as its Calling-Station-ID.

Default value: DISABLED

Possible values = ENABLED, DISABLED
authservretry Read-write Number of retry by the Citrix ADC before getting response from the RADIUS server.

Default value: 3

Minimum value = 1

Maximum value = 10
authentication Read-write Configure the RADIUS server state to accept or refuse authentication messages.

Default value: ON

Possible values = ON, OFF
tunnelendpointclientip Read-write Send Tunnel Endpoint Client IP address to the RADIUS server.

Default value: DISABLED

Possible values = ENABLED, DISABLED
groupauthname Read-only To associate AAA users with an AAA group, use the command



“bind AAA group … -username …”.



You can bind different policies to each AAA group. Use the command



“bind AAA group … -policy …”.
ipaddress Read-only IP Address.
builtin <String[]> Read-only Indicates that a variable is a built-in (SYSTEM INTERNAL) type.

Possible values = MODIFIABLE, DELETABLE, IMMUTABLE, PARTITION_ALL
feature Read-only The feature to be checked while applying this config.

Operations

(click to see Properties )

  • UPDATE
  • UNSET
  • GET (ALL)

Some options that you can use for each operations:

  • Getting warnings in response: NITRO allows you to get warnings in an operation by specifying the 'warning' query parameter as 'yes'. For example, to get warnings while connecting to the NetScaler appliance, the URL is as follows:

    http:// <netscaler-ip-address> /nitro/v1/config/login?warning=yes

    If any, the warnings are displayed in the response payload with the HTTP code '209 X-NITRO-WARNING'.

  • Authenticated access for individual NITRO operations: NITRO allows you to logon to the NetScaler appliance to perform individual operations. You can use this option instead of creating a NITRO session (using the login object) and then using that session to perform all operations,

    To do this, you must specify the username and password in the request header of the NITRO request as follows:

    X-NITRO-USER: <username>

    X-NITRO-PASS: <password>

    Note: In such cases, make sure that the request header DOES not include the following:

    Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

*Note: *

Mandatory parameters are marked in red and placeholder content is marked in green

update

URL: http:// <netscaler-ip-address> /nitro/v1/config/aaaradiusparams

HTTP Method: PUT

Request Headers:

Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

Content-Type:application/json

Request Payload:


{"aaaradiusparams":{
      "serverip":<String_value>,
      "serverport":<Integer_value>,
      "authtimeout":<Double_value>,
<b>      "radkey":<String_value>,
</b>      "radnasip":<String_value>,
      "radnasid":<String_value>,
      "radvendorid":<Double_value>,
      "radattributetype":<Double_value>,
      "radgroupsprefix":<String_value>,
      "radgroupseparator":<String_value>,
      "passencoding":<String_value>,
      "ipvendorid":<Double_value>,
      "ipattributetype":<Double_value>,
      "accounting":<String_value>,
      "pwdvendorid":<Double_value>,
      "pwdattributetype":<Double_value>,
      "defaultauthenticationgroup":<String_value>,
      "callingstationid":<String_value>,
      "authservretry":<Double_value>,
      "authentication":<String_value>,
      "tunnelendpointclientip":<String_value>
}}

<!--NeedCopy-->

Response:

HTTP Status Code on Success: 200 OK

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

unset

URL: http:// <netscaler-ip-address> /nitro/v1/config/aaaradiusparams? action=unset

HTTP Method: POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

Content-Type:application/json

Request Payload:


{"aaaradiusparams":{
      "serverip":true,
      "serverport":true,
      "authtimeout":true,
      "radnasip":true,
      "radnasid":true,
      "radvendorid":true,
      "radattributetype":true,
      "radgroupsprefix":true,
      "radgroupseparator":true,
      "passencoding":true,
      "ipvendorid":true,
      "ipattributetype":true,
      "accounting":true,
      "pwdvendorid":true,
      "pwdattributetype":true,
      "defaultauthenticationgroup":true,
      "callingstationid":true,
      "authservretry":true,
      "authentication":true,
      "tunnelendpointclientip":true
}}

<!--NeedCopy-->

Response:

HTTP Status Code on Success: 200 OK

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

get (all)

URL: http:// <netscaler-ip-address> /nitro/v1/config/aaaradiusparams

HTTP Method: GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

Accept:application/json

Response:

HTTP Status Code on Success: 200 OK

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

Response Header:

Content-Type:application/json

Response Payload:


{ "aaaradiusparams": [ {
      "serverip":<String_value>,
      "serverport":<Integer_value>,
      "radkey":<String_value>,
      "groupauthname":<String_value>,
      "authtimeout":<Double_value>,
      "radnasip":<String_value>,
      "radnasid":<String_value>,
      "ipaddress":<String_value>,
      "radvendorid":<Double_value>,
      "radattributetype":<Double_value>,
      "radgroupsprefix":<String_value>,
      "radgroupseparator":<String_value>,
      "passencoding":<String_value>,
      "ipvendorid":<Double_value>,
      "ipattributetype":<Double_value>,
      "accounting":<String_value>,
      "pwdvendorid":<Double_value>,
      "pwdattributetype":<Double_value>,
      "defaultauthenticationgroup":<String_value>,
      "callingstationid":<String_value>,
      "authservretry":<Double_value>,
      "authentication":<String_value>,
      "tunnelendpointclientip":<String_value>,
      "builtin":<String[]_value>,
      "feature":<String_value>
}]}

<!--NeedCopy-->
aaaradiusparams