Forum Discussion
KJ_50941
Nimbostratus
Jun 02, 2010
Configuring LTM with CISCO ACS for TACACS authorization
Hi all,

On the ACS server, I modified the existing group Netadm and Ops configurations. You can add the F5 devices under Network Configuration in the correct Network Device Group, make sure the key matches the secret specified in the TACACS+ authentication section above, choose TACACS+ (CISCO IOS) from the Authenticate Using dropdown list and check Single Connect TACACS+ AAA Client.

- Under Group Setup/Edit Settings/TACACS+ Settings, check "PPP IP" and Custom Attributes, and add: F5-LTM-User-Info-1=ndm

I am trying to set up an LTM 6400 with version 10.0 for authentication with F5. On the F5 I have this remote role:
    remoterole {
        role info ndm {
            attribute "F5-LTM-User-Info-1=ndm"
            console "enable"
            deny disable
            line order 1
            role "administrator"
            user partition "all"
        }
    }
Under the F5 GUI I configured as follows:

1. On F5 boxes, enable TACACS+ remote authentication. We did not create any local users and simply used remote group definitions on ACS server.

- Servers: x.x.x.x
- Secret: xxxx
- Encryption: Enabled
- Service Name: ppp
- Protocol Name: ip
- Authentication: Authenticate to first server
- Accounting Information: Send to first available server
- Debug Logging: Enabled
- External Users:
  - Role: No Access
  - Partition Access: All
  - Terminal Access: Disabled
Please help!

Group ndm is already defined under ACS as admin role; however, when I log on I am getting read only. It seems that the remote role doesn't work.
- Juerg_Wiesmann
Nimbostratus
In order to Authenticate and Authorize Access to the System, System/Users/Authentication needs to be configured correctly.
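
A simplified model of the attribute-to-role mapping configured in the question, as an added example that is not part of the original thread and not F5's code: it parses the posted remoterole stanza and resolves a set of TACACS+ attribute-value pairs to a role. The function names and the matching model (exact string match, first match by line order, fallback to the External Users defaults) are assumptions.

```python
import re

# Constructed input: the remoterole stanza as posted in the question.
REMOTEROLE = '''
remoterole {
    role info ndm {
        attribute "F5-LTM-User-Info-1=ndm"
        console "enable"
        deny disable
        line order 1
        role "administrator"
        user partition "all"
    }
}
'''

# External Users defaults taken from the GUI settings listed in the question.
DEFAULT = {"name": None, "role": "No Access", "partition": "All"}

def parse_remoteroles(text):
    """Return the role entries of a remoterole stanza, sorted by line order."""
    entries = []
    for name, body in re.findall(r'role info (\S+) \{(.*?)\}', text, re.S):
        def field(key, body=body):
            m = re.search(r'^\s*' + key + r'\s+"?([^"\n]+)"?\s*$', body, re.M)
            return m.group(1).strip() if m else None
        entries.append({"name": name, "attribute": field("attribute"),
                        "deny": field("deny") == "enable",
                        "order": int(field("line order") or 0),
                        "role": field("role"),
                        "partition": field("user partition")})
    return sorted(entries, key=lambda e: e["order"])

def resolve(av_pairs, entries, default=DEFAULT):
    """Assumed model: exact match on the AV pair, first entry by line order wins."""
    for e in entries:
        if e["attribute"] in av_pairs:
            if e["deny"]:  # a matching deny entry is modelled as no access
                return dict(default, name=e["name"], role="No Access")
            return {"name": e["name"], "role": e["role"],
                    "partition": e["partition"]}
    return dict(default)  # nothing matched: External Users defaults apply

if __name__ == "__main__":
    roles = parse_remoteroles(REMOTEROLE)
    print(resolve(["F5-LTM-User-Info-1=ndm"], roles))
    print(resolve(["F5-LTM-User-Info-1=ops"], roles))
```

Feeding it the exact attribute string configured on the ACS group shows whether that string, as typed, selects the intended entry or falls through to the defaults.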