F5 Radius Authentication for admins
Hello Experts
I need to configure radius authentication for admin users on F5 LTM. The questions are:
1- When I configure radius server (system -> users -> authentication -> Change Local to Radius Server) then this radius server would be used for all users, locally configured on F5 ? I need some users should be able to authenticate locally, like admin account, So if radius is unreachable then I should have one account to login locally.
2- When user is configure locally and same user is also on radius then what would be the preference?
3- How I can assign different permissions to different users through radius.
Kindly give your inputs
I want admin user authentication should be done locally and rest of users should through radius. Is that doable?
If a remote authentication method is specified for system user accounts, the BIG-IP local database still authenticates the system maintenance accounts mentioned above. This ensures that if the remote authentication device is unreachable, the system maintenance accounts can still access the BIG-IP system.
sol12173: Overview of BIG-IP administrative access controls
https://support.f5.com/kb/en-us/solutions/public/12000/100/sol12173.htmlIf user are on both local and radius and radius server is unreachable then user would be able to authenticate locally?
no
Also for permissions, can I use local user role? I mean radius is used only for authentication and for permissions local role group.
yes (radius server is used for authentication but local user setting is used for authorization).