Forum Discussion

eneR_159774's avatar
eneR_159774
Icon for Nimbostratus rankNimbostratus
Jun 01, 2018

BIG-IP User Authentication against multiple directory services

Hello guys,

 

short question for you but i can't find any information about it in the documentation..

 

Is it possible to configure multiple authentication directory's like "tacacs" AND "active directory" for the access of big-ip users?

 

In this case we have admin users on tacacs directory and guest on the active directory.

 

many thanks in advance!

 

application delivery
BIG-IP
LTM
security
  • MvdG's avatar
    MvdG
    Icon for Cirrus rankCirrus
    Jun 01, 2018

    Hi,

     

    This is on the help page of the Configuration Utility (web UI).

     

    "You can configure only one user authentication scheme for the system."

     

    Maybe you van do something with APM based and create a APM policy where you can use both schemes.

     

    Regards, Martijn

     

  • youssef1's avatar
    youssef1
    Icon for Cumulonimbus rankCumulonimbus
    Jun 01, 2018

    Hi,

     

    In F5 you can only use one authentication method at a time. And we are talking about access to F5 (GUI and CLI). You can use (GUI: System ›› Users : Authentication):

     

    • local
    • Tacacs
    • Radius
    • client cert LDAP
    • LDAP
    • AD
    • And Finaly you can use APM (APM based)

    https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-12-1-0/48.html

     

    And in this case you can mix what ever you want as long as it's supported by F5 APM.

     

    Last important point. Even if you have an external auth implemented, ROOT and ADMIN account remain in F5 as local. suppose your directory is no longer reachable by F5 you can always authenticate using these local accounts.

     

    Regards