F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

viziony's avatar
viziony
Icon for Cirrus rankCirrus
Oct 18, 2023
Solved

F5 BigIP v.15 integration with Windows 2016 NPS

I am trying to sort out the F5 attributes within a Windows 2016 NPS server. I have the Azure MFA prompts working however due to unset attributes within NPS my admin AD user is not permitted to login ...
security
viziony's avatar
viziony
Icon for Cirrus rankCirrus
Oct 20, 2023

I was able to get this to finally work using a combination of articles here :

https://my.f5.com/manage/s/article/K14324

https://community.f5.com/t5/technical-forum/how-to-add-f5-vendor-specific-radius-attirbutes-to-windows-2008/td-p/26713

You want your Windows NPS server to return the attribute value of 0 (0=admin or whatever # using the F5 VSA article) to F5 BIGIP to let that user in. 

Here are some screen shots of the network policy. 

You want to define the vendor code to 3375 (F5)

You want to set the vendor-assigned attribute number to 1 which the F5 line for the user role (that can be found in that f5 article) : 

ATTRIBUTE F5-LTM-User-Role 1 integer

You want that vendor-assigned attribute number of 1 to pass the DECIMAL value of 0 which is the admin level to the load balancer. 

 

 

  • Leslie_Hubertus's avatar
    Leslie_Hubertus
    Ret. Employee
    Oct 20, 2023

    Thanks for sharing your solution so future users can see what to do!