F5 BigIP v.15 integration with Windows 2016 NPS
I am trying to sort out the F5 attributes within a Windows 2016 NPS server. I have the Azure MFA prompts working; however, due to unset attributes within NPS, my admin AD user is not permitted to log in to the F5 ADMIN page.
I need a better understanding of how to configure vendor-specific attributes to allow users in as ADMIN, Operator, or READONLY. Currently I have a condition set to an AD security group within the network policy, which we have used in the past with the LDAP connector.
I tried the F5 KB articles but cannot make sense of how this would be configured on the Windows NPS server side. Thank you.
I was finally able to get this to work using a combination of articles, including this one:
https://my.f5.com/manage/s/article/K14324
You want your Windows NPS server to return the attribute value of 0 (0 = admin, or whatever number you need from the F5 VSA article) to the F5 BIG-IP to let that user in.
Here are some screenshots of the network policy.
You want to set the vendor code to 3375 (F5).
You want to set the vendor-assigned attribute number to 1, which is the F5 line for the user role (it can be found in that F5 article):
ATTRIBUTE F5-LTM-User-Role 1 integer
You want that vendor-assigned attribute number of 1 to pass the DECIMAL value of 0, which is the admin level, to the load balancer.
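As an added illustration that is not part of the thread or the F5 article: a small Python encoder and decoder for the RADIUS Vendor-Specific attribute the answer describes, using the vendor code 3375, attribute number 1 and role value 0 given above. The role-name table, the `iter_attributes`/`f5_user_role` helper names and the sample Access-Accept bytes are constructed for this example; role codes other than 0 are assumed to come from K14324.

```python
import struct

# Values from the answer: F5 vendor code and the F5-LTM-User-Role attribute number.
F5_VENDOR_ID = 3375
F5_LTM_USER_ROLE = 1
RADIUS_VENDOR_SPECIFIC = 26        # standard RADIUS attribute type that wraps VSAs
ROLE_NAMES = {0: "Administrator"}  # 0 = admin per the answer; other codes are in K14324


def encode_f5_user_role(role_code: int) -> bytes:
    """Build the Vendor-Specific attribute NPS must return in Access-Accept.
    Layout: Type=26, Length, Vendor-Id (4 bytes), then one sub-attribute
    Vendor-Type=1, Vendor-Length=6, 32-bit integer role code."""
    sub = struct.pack("!BBI", F5_LTM_USER_ROLE, 6, role_code)
    body = struct.pack("!I", F5_VENDOR_ID) + sub
    return struct.pack("!BB", RADIUS_VENDOR_SPECIFIC, 2 + len(body)) + body


def iter_attributes(buf: bytes, offset: int = 0):
    """Yield (type, value) pairs from a RADIUS type-length-value sequence."""
    while offset + 2 <= len(buf):
        attr_type, length = buf[offset], buf[offset + 1]
        if length < 2 or offset + length > len(buf):
            raise ValueError("malformed RADIUS attribute")
        yield attr_type, buf[offset + 2:offset + length]
        offset += length


def f5_user_role(attrs: bytes):
    """Return the F5-LTM-User-Role code from an Access-Accept, or None if absent.
    None is the failure mode in the question: NPS accepted the user but sent
    no F5 VSA, so BIG-IP has no role to assign and rejects the login."""
    for attr_type, value in iter_attributes(attrs):
        if attr_type != RADIUS_VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != F5_VENDOR_ID:
            continue
        # Walk the vendor-specific sub-attributes that follow the 4-byte Vendor-Id.
        for vtype, vvalue in iter_attributes(value, 4):
            if vtype == F5_LTM_USER_ROLE and len(vvalue) == 4:
                return struct.unpack("!I", vvalue)[0]
    return None


if __name__ == "__main__":
    # Constructed samples: an accept carrying only Reply-Message (type 18), and one with the VSA.
    no_vsa = b"\x12\x04ok"
    with_vsa = no_vsa + encode_f5_user_role(0)
    print(f5_user_role(no_vsa))                    # None -> BIG-IP denies the login
    print(ROLE_NAMES.get(f5_user_role(with_vsa)))  # Administrator
```

Comparing the hex of `encode_f5_user_role(0)` against a packet capture of the NPS reply is a quick way to confirm the policy is emitting the VSA at all.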