Freeradius auth for LTM V11.5.1
Guys, I am running out of inspiration here and hoping you may be able to help. I have set up a FreeRadius server which is successfully authenticating Linux systems and Cisco devices.
I have added the config for F5 to the radius server and verified it's triggering correctly for my test user. e.g. (radiusd log extract)
Mon Feb 22 14:39:35 2016 : Debug: rlm_perl: Added pair Auth-Type = PAP
Mon Feb 22 14:39:35 2016 : Info: ++[perl] = ok
Mon Feb 22 14:39:35 2016 : Info: +} group post-auth = ok
Sending Access-Accept of id 161 to 192.168.1.90 port 27260
        Cisco-AVPair = "shell:priv-lvl=15"
        F5-LTM-User-Shell = "tmsh"
        F5-LTM-User-Info-1 = "F5-admin"
        F5-LTM-User-Role = Administrator
        F5-LTM-User-Partition = "Common"
Mon Feb 22 14:39:35 2016 : Info: Finished request 25.
I've then followed the recipe at https://support.f5.com/kb/en-us/solutions/public/14000/300/sol14324.html and believe I have things set right. tmsh shows this when I list the auth section:
auth radius system-auth {
    servers {
        system_auth_name1
    }
}
auth radius-server system_auth_name1 {
    secret $M$q5$0UFrYg9zh5kLp7xkZOb2vZpgAPggyDPoWmjeIgF5F1I=
    server 192.168.1.56
}
auth remote-role {
    role-info {
        F5-admin {
            attribute F5-LTM-User-Info-1=F5-admin
            console %F5-LTM-User-Shell
            line-order 1001
            role %F5-LTM-User-Role
            user-partition %F5-LTM-User-Partition
        }
    }
}
Trying to log in as my test user sadly yields no good outcome, in spite of the log from the radius server showing it sending an Access-Accept packet with the relevant F5 attributes included.
So I guess my question is if there is a log file I've been unable to find on the LTM itself which might let me know what I'm doing wrong.
This or any other thoughts would be greatly appreciated.
Enno.