Forum Discussion
midhun_108442
Nimbostratus
Nov 25, 2012
How to configure Authorization in radius server for remote users
Hi
The users are authenticating to F5 through the RADIUS server, but the authorization is not happening through the RADIUS server. For authorization we have configured each user's privileges in F5. Kindly help us to configure F5 authorization through the RADIUS server.
Regards,
Midhun P.K
8 Replies
- Pascal_Tene_910
Historic F5 Account
Hi Midhun,
This manual guide provides some details about what you are after.
http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-implementations-11-2-0/19.html?sr=25547154
You might also want to open a case with f5 support if required.
Thanks,
P.
- midhun_108442
Nimbostratus
Hi,
Thanks for your response. I have gone through the URL above and some other documents, where I read that I need to configure a remote role in F5 for the authorization of remote users. Kindly, could anyone help me with how to configure remoterole in F5?
We are using SBR (Juniper RADIUS) in our setup. F5 authentication is happening through this SBR. Kindly help me to configure authorization for the same. What setup do I need to configure in F5 for this to work?
Regards
Midhun P.K
- midhun_108442
Nimbostratus
Hi,
Could anyone update me on this?
Regards
Midhun P.K
- What_Lies_Bene1
Cirrostratus
Does this help: http://support.f5.com/kb/en-us/solu...r=25610750
Or this: http://support.f5.com/kb/en-us/prod...r=25610810
- Pascal_Tene_910
Historic F5 Account
Hi Midhun,
Can you confirm which version of BigIP software you are using?
Thanks,
P.
- midhun_108442
Nimbostratus
Hi,
Software Version is 10.2.4
Thanks,
Midhun P.K
- midhun_108442
Nimbostratus
Hi,
Could anyone help me to configure remoterole in F5.
Regards,
Midhun P.K
- nitass
Employee
I do not have SBR for testing. Anyway, just wondering whether sol11431, which Steve gave, should work.
sol11431: Using F5 vendor specific attributes with RADIUS authentication
http://support.f5.com/kb/en-us/solutions/public/11000/400/sol11431.html?sr=25610750
The following is my testing using freeradius.

```
root@ve10(Active)(tmos) show sys version

Sys::Version
Main Package
  Product  BIG-IP
  Version  10.2.4
  Build    655.0
  Edition  Hotfix HF4
  Date     Tue Aug 21 11:35:59 PDT 2012

Hotfix List
ID386512 ID373105 ID224279 ID385694 ID388460 ID247874 ID362940 ID391096
ID366459 ID378671 ID392255 ID389111 ID378935 ID383104 ID363612 ID378936
ID387843 ID379465 ID356965 ID387107 ID368866 ID388474 ID387339 ID390951
ID363724 ID378007 ID380985 ID390322 ID358442 ID391784 ID389112 ID385579
ID251174 ID381078 ID351639 ID336845 ID392745 ID223894 ID226042 ID372295
ID386825 ID365698 ID381613 ID392334 ID388625 ID384531 ID382758 ID368420
ID385827 ID291479 ID391826 ID385193 ID381620 ID388890 ID387625 ID383906
ID385585 ID375117 ID371298 ID342185 ID386420 ID391923 ID390043 ID393721
ID349093 ID339930 ID383396 ID380354 ID392361 ID377196 ID382217 ID383405
ID378489 ID368881 ID367066

root@ve10(Active)(tmos) list auth radius
auth radius system-auth {
    servers {
        system_auth_name1
    }
}
root@ve10(Active)(tmos) list auth radius-server
auth radius-server system_auth_name1 {
    secret secret
    server 172.28.19.251
}
root@ve10(Active)(tmos) list auth remote-role
auth remote-role {
    role-info {
        guest-role {
            attribute F5-LTM-User-Info-1=guest-group
            console tmsh
            line-order 2
            role guest
            user-partition all
        }
        operator-role {
            attribute F5-LTM-User-Info-1=operator-group
            console tmsh
            line-order 1
            role operator
            user-partition all
        }
    }
}
```

operator user

```
Frame 1
Internet Protocol Version 4, Src: 172.28.19.80 (172.28.19.80), Dst: 172.28.19.251 (172.28.19.251)
User Datagram Protocol, Src Port: 28694 (28694), Dst Port: 1812 (1812)
Radius Protocol
    Code: Access-Request (1)
    Packet identifier: 0x6 (6)
    Length: 91
    Authenticator: c677c8bc666e898d6c73c820f92c1070
    [The response to this request is in frame 2]
    Attribute Value Pairs
        AVP: l=8 t=User-Name(1): hiccup
        AVP: l=18 t=User-Password(2): Decrypted: "topsecret\000\000\000\000\000\000\000"
        AVP: l=6 t=NAS-IP-Address(4): 192.168.1.245
        AVP: l=6 t=NAS-Identifier(32): sshd
        AVP: l=6 t=NAS-Port(5): 27669
        AVP: l=6 t=NAS-Port-Type(61): Virtual(5)
        AVP: l=6 t=Service-Type(6): Authenticate-Only(8)
        AVP: l=15 t=Calling-Station-Id(31): 192.168.204.8

Frame 2
Internet Protocol Version 4, Src: 172.28.19.251 (172.28.19.251), Dst: 172.28.19.80 (172.28.19.80)
User Datagram Protocol, Src Port: 1812 (1812), Dst Port: 28694 (28694)
Radius Protocol
    Code: Access-Accept (2)
    Packet identifier: 0x6 (6)
    Length: 54
    Authenticator: ef1abb1eece8861906eee842e5e58395
    [This is a response to a request in frame 1]
    [Time from request: 0.001913000 seconds]
    Attribute Value Pairs
        AVP: l=12 t=Vendor-Specific(26) v=F5(3375)
            VSA: l=6 t=F5-LTM-User-Role(1): Operator(400)
        AVP: l=22 t=Vendor-Specific(26) v=F5(3375)
            VSA: l=16 t=F5-LTM-User-Info-1(12): operator-group
```

guest user

```
Frame 1
Internet Protocol Version 4, Src: 172.28.19.80 (172.28.19.80), Dst: 172.28.19.251 (172.28.19.251)
User Datagram Protocol, Src Port: 28957 (28957), Dst Port: 1812 (1812)
Radius Protocol
    Code: Access-Request (1)
    Packet identifier: 0xe3 (227)
    Length: 94
    Authenticator: 7d30678ab23dd40f412aa51dce58fe8e
    [The response to this request is in frame 4]
    Attribute Value Pairs
        AVP: l=11 t=User-Name(1): toothless
        AVP: l=18 t=User-Password(2): Decrypted: "password\000\000\000\000\000\000\000\000"
        AVP: l=6 t=NAS-IP-Address(4): 192.168.1.245
        AVP: l=6 t=NAS-Identifier(32): sshd
        AVP: l=6 t=NAS-Port(5): 27932
        AVP: l=6 t=NAS-Port-Type(61): Virtual(5)
        AVP: l=6 t=Service-Type(6): Authenticate-Only(8)
        AVP: l=15 t=Calling-Station-Id(31): 192.168.204.8

Frame 2
Internet Protocol Version 4, Src: 172.28.19.251 (172.28.19.251), Dst: 172.28.19.80 (172.28.19.80)
User Datagram Protocol, Src Port: 1812 (1812), Dst Port: 28957 (28957)
Radius Protocol
    Code: Access-Accept (2)
    Packet identifier: 0xe3 (227)
    Length: 51
    Authenticator: daf2c34f040c5085c8a5180ca6569ef4
    [This is a response to a request in frame 3]
    [Time from request: 0.001627000 seconds]
    Attribute Value Pairs
        AVP: l=12 t=Vendor-Specific(26) v=F5(3375)
            VSA: l=6 t=F5-LTM-User-Role(1): Guest(700)
        AVP: l=19 t=Vendor-Specific(26) v=F5(3375)
            VSA: l=13 t=F5-LTM-User-Info-1(12): guest-group
```
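The attribute-to-role mapping visible in the capture and the `remote-role` listing above, as an added example that is not part of nitass's post and not F5's code: it rebuilds the two Access-Accept packets from the decoded fields, extracts the F5 vendor-specific attributes with length checks, and applies the role-info entries in ascending line-order. The first-match-by-line-order evaluation and the helper names `build_accept`, `f5_vsas` and `resolve_role` are assumptions of this example.

```python
import struct
F5_VENDOR_ID = 3375  # v=F5(3375) in the capture
F5_VSA_NAMES = {1: "F5-LTM-User-Role", 12: "F5-LTM-User-Info-1"}
# (line-order, attribute, role) copied from the `list auth remote-role` output
REMOTE_ROLES = [(2, "F5-LTM-User-Info-1=guest-group", "guest"),
                (1, "F5-LTM-User-Info-1=operator-group", "operator")]

def build_accept(ident, authenticator_hex, role_code, info):
    """Rebuild an Access-Accept from the decoded capture fields (constructed bytes)."""
    def vsa(vtype, value):
        sub = bytes([vtype, len(value) + 2]) + value
        return bytes([26, len(sub) + 6]) + struct.pack("!I", F5_VENDOR_ID) + sub
    attrs = vsa(1, struct.pack("!I", role_code)) + vsa(12, info.encode())
    header = struct.pack("!BBH", 2, ident, 20 + len(attrs))
    return header + bytes.fromhex(authenticator_hex) + attrs

def f5_vsas(packet):
    """Return {name: value} for F5 VSAs; raise ValueError on inconsistent lengths."""
    if len(packet) < 20 or packet[0] != 2 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("not a well-formed Access-Accept")
    length = len(packet)
    out, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        atype, end = packet[pos], pos + packet[pos + 1]
        is_vsa = atype == 26 and end - pos >= 8
        if is_vsa and struct.unpack("!I", packet[pos + 2:pos + 6])[0] == F5_VENDOR_ID:
            vtype, vlen = packet[pos + 6], packet[pos + 7]
            if vlen < 2 or pos + 6 + vlen > end:
                raise ValueError("bad VSA length")
            raw = packet[pos + 8:pos + 6 + vlen]
            value = int.from_bytes(raw, "big") if vtype == 1 else raw.decode()
            out[F5_VSA_NAMES.get(vtype, f"F5-VSA-{vtype}")] = value
        pos = end
    return out

def resolve_role(vsas):
    """Role of the first role-info entry, by ascending line-order, that matches."""
    for _, attribute, role in sorted(REMOTE_ROLES):
        name, _, wanted = attribute.partition("=")
        if str(vsas.get(name)) == wanted:
            return role
    return None  # no role-info entry matched

# Constructed from the two Access-Accept frames in the capture above
OPERATOR_ACCEPT = build_accept(0x06, "ef1abb1eece8861906eee842e5e58395", 400, "operator-group")
GUEST_ACCEPT = build_accept(0xE3, "daf2c34f040c5085c8a5180ca6569ef4", 700, "guest-group")
print(resolve_role(f5_vsas(OPERATOR_ACCEPT)), resolve_role(f5_vsas(GUEST_ACCEPT)))
```

The rebuilt packets come out at 54 and 51 bytes, matching the `Length` fields Wireshark reported, which is a quick check that the VSA framing is encoded the way the RADIUS server sent it.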