netscaler.adc.authenticationradiusaction module – Configuration for RADIUS action resource.

Note

This module is part of the netscaler.adc collection (version 2.6.2).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install netscaler.adc.

To use it in a playbook, specify: netscaler.adc.authenticationradiusaction.

New in netscaler.adc 2.0.0

Synopsis

  • Configuration for RADIUS action resource.

Parameters

Parameter

Comments

accounting

string

Whether the RADIUS server is currently accepting accounting messages.

Choices:

  • "ON"

  • "OFF"

api_path

string

Base NITRO API path.

Define only in case of an ADM service proxy call

Default: "nitro/v1/config"

authentication

string

Configure the RADIUS server state to accept or refuse authentication messages.

Choices:

  • "ON"

  • "OFF"

authservretry

float

Number of retry by the Citrix ADC before getting response from the RADIUS server.

authtimeout

float

Number of seconds the Citrix ADC waits for a response from the RADIUS server.

callingstationid

string

Send Calling-Station-ID of the client to the RADIUS server. IP Address of the client is sent as its Calling-Station-ID.

Choices:

  • "ENABLED"

  • "DISABLED"

defaultauthenticationgroup

string

This is the default group that is chosen when the authentication succeeds in addition to extracted groups.

ipattributetype

float

Remote IP address attribute type in a RADIUS response.

ipvendorid

float

Vendor ID of the intranet IP attribute in the RADIUS response.

NOTE: A value of 0 indicates that the attribute is not vendor encoded.

managed_netscaler_instance_id

string

added in netscaler.adc 2.6.0

The ID of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_ip

string

added in netscaler.adc 2.6.0

The IP of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_name

string

added in netscaler.adc 2.6.0

The name of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_password

string

added in netscaler.adc 2.6.0

The password of the managed NetScaler instance.

Define only in case of an ADM service proxy call

In Settings > Administration > System Configurations > Basic Settings,

if you select Prompt Credentials for Instance Login,

ensure to configure username and password of a managed instance.

managed_netscaler_instance_username

string

added in netscaler.adc 2.6.0

The username of the managed NetScaler instance.

Define only in case of an ADM service proxy call

In Settings > Administration > System Configurations > Basic Settings,

if you select Prompt Credentials for Instance Login,

ensure to configure username and password of a managed instance.

name

string

Name for the RADIUS action.

Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the RADIUS action is added.

netscaler_console_as_proxy_server

boolean

added in netscaler.adc 2.6.0

The IP address of the NetScaler ADC appliance acting as a proxy server.

Define only in case of an ADM service proxy call

Choices:

  • false ← (default)

  • true

nitro_auth_token

string

The authentication token provided by a login operation.

nitro_pass

string

The password with which to authenticate to the NetScaler ADC node.

nitro_protocol

string

Which protocol to use when accessing the nitro API objects.

Choices:

  • "http"

  • "https" ← (default)

nitro_user

string

The username with which to authenticate to the NetScaler ADC node.

nsip

string / required

The ip address of the NetScaler ADC appliance where the nitro API calls will be made.

The port can be specified with the colon (:). E.g. 192.168.1.1:555.

passencoding

string

Encoding type for passwords in RADIUS packets that the Citrix ADC sends to the RADIUS server.

Choices:

  • "pap"

  • "chap"

  • "mschapv1"

  • "mschapv2"

pwdattributetype

float

Vendor-specific password attribute type in a RADIUS response.

pwdvendorid

float

Vendor ID of the attribute, in the RADIUS response, used to extract the user password.

radattributetype

float

RADIUS attribute type, used for RADIUS group extraction.

radgroupseparator

string

RADIUS group separator string

The group separator delimits group names within a RADIUS attribute for RADIUS group extraction.

radgroupsprefix

string

RADIUS groups prefix string.

This groups prefix precedes the group names within a RADIUS attribute for RADIUS group extraction.

radkey

string

Key shared between the RADIUS server and the Citrix ADC.

Required to allow the Citrix ADC to communicate with the RADIUS server.

radnasid

string

If configured, this string is sent to the RADIUS server as the Network Access Server ID (NASID).

radnasip

string

If enabled, the Citrix ADC IP address (NSIP) is sent to the RADIUS server as the Network Access Server IP (NASIP) address.

The RADIUS protocol defines the meaning and use of the NASIP address.

Choices:

  • "ENABLED"

  • "DISABLED"

radvendorid

float

RADIUS vendor ID attribute, used for RADIUS group extraction.

save_config

boolean

If true the module will save the configuration on the NetScaler ADC node if it makes any changes.

The module will not save the configuration on the NetScaler ADC node if it made no changes.

Choices:

  • false ← (default)

  • true

serverip

string

IP address assigned to the RADIUS server.

servername

string

RADIUS server name as a FQDN. Mutually exclusive with RADIUS IP address.

serverport

integer

Port number on which the RADIUS server listens for connections.

state

string

The state of the resource being configured by the module on the NetScaler ADC node.

When present, the resource will be added/updated configured according to the module’s parameters.

When absent, the resource will be deleted from the NetScaler ADC node.

When unset, the resource will be unset on the NetScaler ADC node.

Choices:

  • "present" ← (default)

  • "absent"

  • "unset"

targetlbvserver

string

If transport mode is TLS, specify the name of LB vserver to associate. The LB vserver needs to be of type TCP and service associated needs to be SSL_TCP

transport

string

Transport mode to RADIUS server.

Choices:

  • "UDP"

  • "TCP"

  • "TLS"

tunnelendpointclientip

string

Send Tunnel Endpoint Client IP address to the RADIUS server.

Choices:

  • "ENABLED"

  • "DISABLED"

validate_certs

boolean

If false, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates.

Choices:

  • false

  • true ← (default)

Notes

Note

Examples

---
- name: Sample authenticationradiusaction playbook
  hosts: demo_netscalers
  gather_facts: false
  tasks:
    - name: Configure authenticationradiusaction
      delegate_to: localhost
      netscaler.adc.authenticationradiusaction:
        state: present
        name: RADIUS_10.102.222.187
        serverip: 10.102.222.187
        serverport: 1812
        authtimeout: '3'
        radkey: freebsd
        radnasip: DISABLED
        passencoding: pap
        ipvendorid: '0'
        accounting: 'ON'
        callingstationid: DISABLED

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

changed

boolean

Indicates if any change is made by the module

Returned: always

Sample: true

diff

dictionary

Dictionary of before and after changes

Returned: always

Sample: {"after": {"key2": "pqr"}, "before": {"key1": "xyz"}, "prepared": "changes done"}

diff_list

list / elements=string

List of differences between the actual configured object and the configuration specified in the module

Returned: when changed

Sample: ["Attribute `key1` differs. Desired: (<class 'str'>) XYZ. Existing: (<class 'str'>) PQR"]

failed

boolean

Indicates if the module failed or not

Returned: always

Sample: false

loglines

list / elements=string

list of logged messages by the module

Returned: always

Sample: ["message 1", "message 2"]

Authors

  • Sumanth Lingappa (@sumanth-lingappa)

  • Shiva Shankar Vaddepally (@shivashankar-vaddepally)