Forum Discussion
Active Directory Authentication
Hi all,
Could anyone provide a step-by-step instruction on how to set up F5 to authenticate against Active Directory? I found so many SOL, but so far they are helping all that much, so if it's something you set up recently and know the steps, that would be fantastic.
MJ
4 Replies
- Kevin_Davies_40
Nacreous
Which products are you using: LTM? APM? ASM? Is the authentication for admin access to the BIGIP or for access to a server through BIGIP?
- R_Marc
Nimbostratus
```
create auth ldap system-auth { bind-dn "cn=bindaccount,ou=Service Accounts,ou=Some Users" bind-pw bindpw login-attribute samaccountname port ldaps search-base-dn "ou=Some Users" servers add { adserver } ssl enabled ssl-ca-cert-file CA.crt user-template %s@somedomain }
modify /auth remote-role role-info add { Admin { attribute "memberOf=CN=administrator,OU=SomeOU Groups" console tmsh line-order 500 role administrator user-partition All } }
modify /auth source { type active-directory }
```
This assumes you have a valid AD bind account and you have the DN of the remote role. You can look the roles up using AD tools.
Kevin,
I am using LTM, and yes, this is going to be used for administrators' login so that we don't have to create users and passwords on the local database.
R Marc, you're amazing and your syntax is dead on.
However, I am still not able to log in with AD accounts for some reason, so I may have to go ahead and open a case with F5 and see if they can help with this.
I will post the solution here after it's identified for the benefit of all fellow F5'ers.
Thank you all very much.
MJ
All, right after I posted my above comment, I went back and changed the settings a little and it worked. Thanks all for your help.
Here's the working config: