Forum Discussion

rafaelbn_176840's avatar
Icon for Altocumulus rankAltocumulus
Feb 23, 2018

BIG-IP authentication for admin users. Remote Role Groups for TACACs and RADIUS

Hello Devs!


How's everybody doing?!


I'm trying to wrap my head around remote role groups. Authenticating any BIG-IP against AD/TACACs/RADIUS/LDAP is pretty easy. You point to correct server and voialá, you can authenticate.


But the thing is that giving any authenticated user role administrator seems a bit risky.


I know there is the feature for "Remote Role Groups". I tested it with AD and it was very straight forward to setup so only users from a specific group had role Admin.


Is it possible to use "Remote Role Groups" with TACACs and RADIUS? What would be the attribute string?



I ask this because it would be easier to thinker with remote role groups than trying to mess with tacacs/radius softwares.