Forum Discussion
F5 Device discovery using Active Directory integrated authentication through Remote Directory Tree Mapping
[posting on behalf of Fabrizio]
Hi Julian,
The customer is testing the BIGIP Virtual with SCOM monitoring, and he correct integrate BIGIP with AD authentication (because probably for performing discovery it should be needed a service AD account).
I think it isn't possible this because the discovery tool needs the BIGIP administrator granted account. Also, into SCOM interface we saw the task correctly performed, but we can't see the appliance and the data.
So, I ask requested log to customer, I'll send you asap.
Thanks a lot
Best Regards
Fabrizio
2 Replies
- Hi Fabrizio,
If I understand correctly, you're concerned if the account used in the F5 Management Pack discovery wizard needs to be an Active Directory account. No, not at all. It could be just a local device account (used for basic authentication). But it needs to have an admin role on the F5 device. On the other hand, you could use the Active Directory integrated authentication mapping through the 'Remote Directory Tree' configuration (on the F5 device): Users :: Authentication :: User Directory :: Remote Active Directory :: Remote Directory Tree, where you would enter the AD organizational group (OU) which contains the user accounts for accessing the F5 device. You can have this OU / user group have admin rights on your F5 device.
Julian - Hi Fabrizio,
In case the LDAP/Active Directory integration is still an issue with setting up an F5 Device account to be used in the F5 Management Pack discovery, I would suggest reading the following article related to "F5 Device Discovery: LDAP remote authentication for Active Directory" at:
Julian
