How to add F5 vendor-specific RADIUS attributes to Windows 2008 NPS to authorize external users to different roles
I am running BIG-IP 11.4.1 on a 3900 that is licensed for LTM and ASM with client authentication. I am able to configure user authentication to a Windows NPS RADIUS server and have all external users get authenticated to the Windows RADIUS server and authorized to the same default external user role. (This is purely for user login access to the BIG-IP management interface via a browser.)
I would now like to create four new Windows user groups: F5-Admin, F5-resource-admin, F5-operator, F5-guest. The goal is to have the Windows NPS RADIUS server return the F5 vendor-specific attribute "F5-LTM-User-Role" with the appropriate values for the four roles I need.
I have the document: "http://support.f5.com/kb/en-us/solutions/public/14000/300/sol14324.html". It is not clear to me how to add the role attributes to Windows 2008 NPS such that the new role attribute will be returned to the F5 after successful authentication. It is also not clear how to configure the F5 to then take the returned role attribute for the user and override (ignore) the default external role setting.
Thank you for your help.