F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Jos_Klaver_1507's avatar
Jos_Klaver_1507
Icon for Nimbostratus rankNimbostratus
Nov 07, 2014

Active Directory user cannot authenticate to webserver console F5 ARX

I can access the ARX F5 management console with my Active Directory admin account. The group Domain Admins has been added to the Windows Mgmt.ACl group list. I have also added the active directory group Domain Users to the Windows Mgmt.ACl group list and added an Active Directory account to the group Domain Users. I have added monitor permission to the Domain Users group.

 

The user account with only membership of the Domain Users group is not able to login. Events in the system log. Please help. 2014-11-07T09:36:14.111+0000:AARX003:1-1-ACM-31109:AUTH_HTTPS-0-NOTE-AUTH_LOGIN_STATUS_FAIL:: LOGIN FAILURE @10.33.6.91 session 5068 interface 10.33.50.152 auth provider LOC 2014-11-07T09:36:14.237+0000:AARX003:1-1-ACM-31110:SECURITY_CLI-0-NOTE-ADAUTH_NO_ARX_GROUPS:: User 126068@rotterdam.local has no AD group from DC 10.33.50.43 corresponding to any ARX group. 2014-11-07T09:36:14.245+0000:AARX003:1-1-ACM-31110:AUTH_HTTPS-0-NOTE-AUTH_LOGIN_STATUS_FAIL:: LOGIN FAILURE @10.33.6.91 session 5068 interface auth provider AD 2014-11-07T09:36:14.254+0000:AARX003:1-1-ACM-10372:GUI-0-ERR-MSG3:: ARX Manager: Permission denied for user from 10.33.6.91

 

management

1 Reply

  • R_Eastman_13667's avatar
    R_Eastman_13667
    Historic F5 Account
    Nov 07, 2014

    Double check your Attribute string in the System >> Users:Remote Role Groups >> Domain Users.

     

    We had an issue where the CN in AD didn't match what was in the attribute string setting on the F5.

     

    Example: memberOf=CN=F5 Admin,OU=Administrators,OU=ROTTERDAM,OU=SOMETHING,DC=this,DC=is,DC=cool