Citrix Gateway 13 Administration — Question 25

Scenario: Users belong to three Authentication, Authorization and Auditing (AAA) groups: Corporate, Finance and Software.
Show aaa groups:
>show aaa group
1) GroupName: Corporate
2) GroupName: Finance
3) GroupName: Software

Done -
>show aaa group Corporate

GroupName: Corporate -

Weight: 0 -
Authorization Policy: pol_1, Type: Classic, Priority: 0
> add authorization policy pol_1 ns_true ALLOW
> bind aaa group Corporate policy pol_1
The user is being denied resources while aaad.debug shows:
Group cporporate being extracted for user User1
Why is the user being denied access?

Answer options

• A. The Authorization policy is NOT configured properly.
• B. The group attribute is NOT configured in the LDAP policy.
• C. AAA group names are NOT the same as those in Active Directory/
• D. LDAP Base DN is incorrect.

Correct answer: D

Explanation

The correct answer is D because an incorrect LDAP Base DN can prevent the system from locating the necessary group information, leading to access denial. Options A, B, and C are not applicable since the debug output specifically points to an issue with the LDAP configuration rather than the authorization policy or group name mismatches.