Forum Discussion
NimbostratusF5 MGMT Interface Authentication using Remote Directory Tree: Two Domain Lookup
Guys,
I have the Remote - Active Directory working just fine, no problem at all for users that are in Domain A. Bind DN belongs to a Domain A user.
Now, there is another Domain B where the F5 MGMT needs to look it up for users to be authenticated as OR access.
With the Remote Directory Tree, I can define only one path in one Domain.
How can I make F5 MGMT look for users in two Domains: users are in two domains Domain A for Administrators and Domain B for OR access.
Please let me know, Thanks,
4 Replies
Shaun_Simmons1Altostratus
For Clarification --
You need to setup access for F5 Mgmt users to access the F5 via another domain?
Have you configured the F5 user access under the System Options area?(I don't have an F5 to give you the precise location, my memory is faling me right now haha! ) You can specify the IP for the secondary domain's AD server and the DN of what container "group" the users reside. You can setup the RBAC for the different groups of permissions. You will have to set a weight to the groups. The lowest number is the highest weighted.
Or, are you talking about APM and the AAA / SSO authentications?
Edouard_ZorrillHi Shaun, yes. The only option is one IP for the domain controller. What do you mean by specifying the IP for the secondary domain's AD Server. ?
- Shaun_Simmons1
Secondary meaning, Domain B's PDC IP. You are correct there is only one IP that can be specified.
I guess I am not following the type of access you have configured for Domain A. Are they F5 users or, you have the F5 configured to authenticate users that access VIPs?
- Edouard_Zorrill
I can authenticate the Web MGMT via users on Domain A, and there is no option to add another Domain B. Hence, I will need to play with the remote role groups. Nope, No VIPs here, the scope is MGMT interface only.
