Forum Discussion
F5 BigIP v.15 integration with Windows 2016 NPS
I am trying to sort out the F5 attributes within a Windows 2016 NPS server. I have the Azure MFA prompts working; however, due to unset attributes within NPS, my admin AD user is not permitted to log in to the F5 ADMIN page.
I need a better understanding of how to configure vendor-specific attributes to allow users in as ADMIN, Operator, READONLY. Currently I have a condition set to an AD sec. group within the network policy, which we have used in the past with the LDAP connector.
Tried the F5 KB articles but cannot make sense of how this would be configured on the Windows NPS server side. Thank you.
- Leslie_Hubertus (Ret. Employee)
viziony - the article How I did It - “Integrating Azure MFA with the BIG-IP” might help, and if not the author may be able to help
- viziony (Cirrus)
I was able to get this to finally work using a combination of articles here:
https://my.f5.com/manage/s/article/K14324
You want your Windows NPS server to return the attribute value of 0 (0=admin or whatever # using the F5 VSA article) to F5 BIGIP to let that user in.
Here are some screenshots of the network policy.
You want to define the vendor code to 3375 (F5)
You want to set the vendor-assigned attribute number to 1, which is the F5 line for the user role (that can be found in that F5 article):
ATTRIBUTE F5-LTM-User-Role 1 integer
You want that vendor-assigned attribute number of 1 to pass the DECIMAL value of 0 which is the admin level to the load balancer.
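An added example, not part of the original post or F5's own code: a Python check that decodes a RADIUS reply and confirms it carries the settings described above (vendor code 3375, vendor-assigned attribute number 1, a 4-byte integer value). The packet is constructed sample data, the function names are assumptions, and the parser assumes the usual type/length/value layout inside the Vendor-Specific attribute.

```python
import struct

VENDOR_SPECIFIC = 26      # RADIUS attribute type 26 (RFC 2865)
F5_VENDOR_ID = 3375       # vendor code from the post
F5_LTM_USER_ROLE = 1      # vendor-assigned attribute number from the post
ROLE_ADMIN = 0            # decimal value from the post; other roles are in K14324

def build_role_vsa(role):
    """Encode F5-LTM-User-Role as NPS should send it: a 4-byte integer."""
    sub = struct.pack("!BBI", F5_LTM_USER_ROLE, 6, role)
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), F5_VENDOR_ID) + sub

def build_access_accept(attrs, ident=1):
    """Constructed Access-Accept (code 2); the authenticator is zero filler."""
    return struct.pack("!BBH16s", 2, ident, 20 + len(attrs), bytes(16)) + attrs

def iter_tlv(buf):
    """Yield (type, value) pairs from a run of type/length/value fields."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf) or buf[pos + 1] < 2 or pos + buf[pos + 1] > len(buf):
            raise ValueError("malformed attribute at offset %d" % pos)
        yield buf[pos], buf[pos + 2:pos + buf[pos + 1]]
        pos += buf[pos + 1]

def f5_user_roles(packet):
    """Return every F5-LTM-User-Role integer carried in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("short RADIUS packet")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    roles = []
    for atype, value in iter_tlv(packet[20:length]):
        if atype != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != F5_VENDOR_ID:
            continue
        for vtype, vvalue in iter_tlv(value[4:]):
            # Only a 4-byte value matches the "integer" dictionary type.
            if vtype == F5_LTM_USER_ROLE and len(vvalue) == 4:
                roles.append(struct.unpack("!I", vvalue)[0])
    return roles

if __name__ == "__main__":
    reply = build_access_accept(build_role_vsa(ROLE_ADMIN))
    print(reply[20:].hex(), f5_user_roles(reply))
```

Feeding it the attribute bytes from a packet capture of the NPS reply shows whether the vendor code, attribute number or value format is the setting that is off.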
- Leslie_Hubertus (Ret. Employee)
Thanks for sharing your solution so future users can see what to do!