Forum Discussion
nitass
Dec 03, 2012 (Employee)
I do not have SBR for testing. Anyway, I was just wondering whether the sol11431 Steve gave should work.
sol11431: Using F5 vendor specific attributes with RADIUS authentication
http://support.f5.com/kb/en-us/solutions/public/11000/400/sol11431.html?sr=25610750
The following is my testing using FreeRADIUS.
root@ve10(Active)(tmos) show sys version
Sys::Version
Main Package
  Product  BIG-IP
  Version  10.2.4
  Build    655.0
  Edition  Hotfix HF4
  Date     Tue Aug 21 11:35:59 PDT 2012
Hotfix List
  ID386512 ID373105 ID224279 ID385694 ID388460 ID247874
  ID362940 ID391096 ID366459 ID378671 ID392255 ID389111
  ID378935 ID383104 ID363612 ID378936 ID387843 ID379465
  ID356965 ID387107 ID368866 ID388474 ID387339 ID390951
  ID363724 ID378007 ID380985 ID390322 ID358442 ID391784
  ID389112 ID385579 ID251174 ID381078 ID351639 ID336845
  ID392745 ID223894 ID226042 ID372295 ID386825 ID365698
  ID381613 ID392334 ID388625 ID384531 ID382758 ID368420
  ID385827 ID291479 ID391826 ID385193 ID381620 ID388890
  ID387625 ID383906 ID385585 ID375117 ID371298 ID342185
  ID386420 ID391923 ID390043 ID393721 ID349093 ID339930
  ID383396 ID380354 ID392361 ID377196 ID382217 ID383405
  ID378489 ID368881 ID367066
root@ve10(Active)(tmos) list auth radius
auth radius system-auth {
    servers {
        system_auth_name1
    }
}
root@ve10(Active)(tmos) list auth radius-server
auth radius-server system_auth_name1 {
    secret secret
    server 172.28.19.251
}
root@ve10(Active)(tmos) list auth remote-role
auth remote-role {
    role-info {
        guest-role {
            attribute F5-LTM-User-Info-1=guest-group
            console tmsh
            line-order 2
            role guest
            user-partition all
        }
        operator-role {
            attribute F5-LTM-User-Info-1=operator-group
            console tmsh
            line-order 1
            role operator
            user-partition all
        }
    }
}
Operator user:
Frame 1
Internet Protocol Version 4, Src: 172.28.19.80 (172.28.19.80), Dst: 172.28.19.251 (172.28.19.251)
User Datagram Protocol, Src Port: 28694 (28694), Dst Port: 1812 (1812)
Radius Protocol
    Code: Access-Request (1)
    Packet identifier: 0x6 (6)
    Length: 91
    Authenticator: c677c8bc666e898d6c73c820f92c1070
    [The response to this request is in frame 2]
    Attribute Value Pairs
        AVP: l=8 t=User-Name(1): hiccup
        AVP: l=18 t=User-Password(2): Decrypted: "topsecret\000\000\000\000\000\000\000"
        AVP: l=6 t=NAS-IP-Address(4): 192.168.1.245
        AVP: l=6 t=NAS-Identifier(32): sshd
        AVP: l=6 t=NAS-Port(5): 27669
        AVP: l=6 t=NAS-Port-Type(61): Virtual(5)
        AVP: l=6 t=Service-Type(6): Authenticate-Only(8)
        AVP: l=15 t=Calling-Station-Id(31): 192.168.204.8
Frame 2
Internet Protocol Version 4, Src: 172.28.19.251 (172.28.19.251), Dst: 172.28.19.80 (172.28.19.80)
User Datagram Protocol, Src Port: 1812 (1812), Dst Port: 28694 (28694)
Radius Protocol
    Code: Access-Accept (2)
    Packet identifier: 0x6 (6)
    Length: 54
    Authenticator: ef1abb1eece8861906eee842e5e58395
    [This is a response to a request in frame 1]
    [Time from request: 0.001913000 seconds]
    Attribute Value Pairs
        AVP: l=12 t=Vendor-Specific(26) v=F5(3375)
            VSA: l=6 t=F5-LTM-User-Role(1): Operator(400)
        AVP: l=22 t=Vendor-Specific(26) v=F5(3375)
            VSA: l=16 t=F5-LTM-User-Info-1(12): operator-group
Guest user:
Frame 1
Internet Protocol Version 4, Src: 172.28.19.80 (172.28.19.80), Dst: 172.28.19.251 (172.28.19.251)
User Datagram Protocol, Src Port: 28957 (28957), Dst Port: 1812 (1812)
Radius Protocol
    Code: Access-Request (1)
    Packet identifier: 0xe3 (227)
    Length: 94
    Authenticator: 7d30678ab23dd40f412aa51dce58fe8e
    [The response to this request is in frame 4]
    Attribute Value Pairs
        AVP: l=11 t=User-Name(1): toothless
        AVP: l=18 t=User-Password(2): Decrypted: "password\000\000\000\000\000\000\000\000"
        AVP: l=6 t=NAS-IP-Address(4): 192.168.1.245
        AVP: l=6 t=NAS-Identifier(32): sshd
        AVP: l=6 t=NAS-Port(5): 27932
        AVP: l=6 t=NAS-Port-Type(61): Virtual(5)
        AVP: l=6 t=Service-Type(6): Authenticate-Only(8)
        AVP: l=15 t=Calling-Station-Id(31): 192.168.204.8
Frame 2
Internet Protocol Version 4, Src: 172.28.19.251 (172.28.19.251), Dst: 172.28.19.80 (172.28.19.80)
User Datagram Protocol, Src Port: 1812 (1812), Dst Port: 28957 (28957)
Radius Protocol
    Code: Access-Accept (2)
    Packet identifier: 0xe3 (227)
    Length: 51
    Authenticator: daf2c34f040c5085c8a5180ca6569ef4
    [This is a response to a request in frame 3]
    [Time from request: 0.001627000 seconds]
    Attribute Value Pairs
        AVP: l=12 t=Vendor-Specific(26) v=F5(3375)
            VSA: l=6 t=F5-LTM-User-Role(1): Guest(700)
        AVP: l=19 t=Vendor-Specific(26) v=F5(3375)
            VSA: l=13 t=F5-LTM-User-Info-1(12): guest-group
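Added example, not code from nitass's post, from F5 or from FreeRADIUS: a small Python model of the Access-Accept in frame 2 of the operator capture. It shows how the two F5 VSAs (vendor 3375, F5-LTM-User-Role as vendor-type 1 carrying a 4-byte integer, F5-LTM-User-Info-1 as vendor-type 12 carrying a string) are packed inside RFC 2865 Vendor-Specific attributes, how the Response Authenticator binds the Accept to the request's Authenticator and the shared secret (the posted `secret secret`), how a parser should reject bad AVP lengths, and how the posted remote-role entries would be matched. The rule that role-info entries are tried in ascending line-order with the first match winning is an assumption about BIG-IP behaviour; the encoding and the authenticator computation are straight from RFC 2865.

```python
# Added example, not code from nitass's post or from F5: model the Access-Accept in
# frame 2 above, verify its Response Authenticator, parse the F5 VSAs and apply the
# posted remote-role matching. Line-order first-match is assumed BIG-IP behaviour.
import hashlib
import hmac
import struct

ATTR_VENDOR_SPECIFIC = 26      # RFC 2865 Vendor-Specific attribute type
F5_VENDOR_ID = 3375            # v=F5(3375) in the captures
F5_LTM_USER_ROLE = 1           # integer VSA: Operator(400), Guest(700) in the captures
F5_LTM_USER_INFO_1 = 12        # string VSA that the posted remote-role entries match on
VSA_NAMES = {F5_LTM_USER_ROLE: "F5-LTM-User-Role",
             F5_LTM_USER_INFO_1: "F5-LTM-User-Info-1"}

# The posted "auth remote-role" role-info entries: (line-order, role, attribute, value).
REMOTE_ROLES = [
    (2, "guest", "F5-LTM-User-Info-1", "guest-group"),
    (1, "operator", "F5-LTM-User-Info-1", "operator-group"),
]


def f5_vsa(vendor_type, value):
    """Encode one F5 VSA: type 26 | length | vendor-id(4) | vendor-type | vendor-length | data."""
    data = struct.pack("!I", value) if isinstance(value, int) else value.encode("utf-8")
    inner = struct.pack("!BB", vendor_type, 2 + len(data)) + data
    return struct.pack("!BBI", ATTR_VENDOR_SPECIFIC, 6 + len(inner), F5_VENDOR_ID) + inner


def build_access_accept(ident, request_auth, secret, attrs):
    """Access-Accept (code 2); Response Authenticator = MD5(Code|ID|Length|RequestAuth|Attrs|Secret)."""
    body = b"".join(attrs)
    header = struct.pack("!BBH", 2, ident, 20 + len(body))
    resp_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + resp_auth + body


def verify_response(packet, request_auth, secret):
    """Recompute the Response Authenticator; it is all that ties an Accept to our request and secret."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(packet[4:20], expected)


def parse_f5_vsas(packet):
    """Walk the AVPs; return (code, ident, {name: value}) for the two F5 VSAs, rejecting bad lengths."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    vsas, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated AVP header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed AVP length")
        value = packet[pos + 2:pos + alen]
        pos += alen
        if atype != ATTR_VENDOR_SPECIFIC or len(value) < 6:
            continue
        vendor = struct.unpack("!I", value[:4])[0]
        vtype, vlen, data = value[4], value[5], value[6:]
        if vendor != F5_VENDOR_ID or vlen != len(data) + 2 or vtype not in VSA_NAMES:
            continue
        if vtype == F5_LTM_USER_ROLE:
            if len(data) != 4:
                raise ValueError("F5-LTM-User-Role must be a 4-byte integer")
            vsas[VSA_NAMES[vtype]] = struct.unpack("!I", data)[0]
        else:
            vsas[VSA_NAMES[vtype]] = data.decode("utf-8")
    return code, ident, vsas


def select_remote_role(vsas):
    """First role-info entry in ascending line-order whose attribute=value the reply satisfies."""
    for _order, role, attr, wanted in sorted(REMOTE_ROLES):
        if vsas.get(attr) == wanted:
            return role
    return None  # nothing matched: this reply grants no remote role


def reproduce_operator_accept():
    """Rebuild frame 2 of the operator capture from frame 1's Authenticator and the posted secret."""
    request_auth = bytes.fromhex("c677c8bc666e898d6c73c820f92c1070")
    attrs = [f5_vsa(F5_LTM_USER_ROLE, 400), f5_vsa(F5_LTM_USER_INFO_1, "operator-group")]
    return build_access_accept(6, request_auth, b"secret", attrs), request_auth


if __name__ == "__main__":
    packet, request_auth = reproduce_operator_accept()
    print("length", len(packet), "(capture says 54)")
    print("authenticator", packet[4:20].hex(), "(capture says ef1abb1eece8861906eee842e5e58395)")
    print("verified with 'secret':", verify_response(packet, request_auth, b"secret"))
    code, ident, vsas = parse_f5_vsas(packet)
    print("vsas", vsas, "-> remote role", select_remote_role(vsas))
    # Same length, role rewritten to 0 on the wire: the authenticator check is what catches it.
    forged = packet[:20] + f5_vsa(F5_LTM_USER_ROLE, 0) + packet[32:]
    print("forged reply verifies:", verify_response(forged, request_auth, b"secret"))
```

Running it rebuilds a 54-byte packet with the same AVP layout as frame 2 (12 + 22 bytes of VSAs after the 20-byte header); by RFC 2865 its Authenticator equals the captured ef1abb1e... value exactly when the server really used the secret "secret". The forged reply at the end is the case a RADIUS client must catch: anyone on the UDP path can send an Access-Accept with any F5-LTM-User-Role, and only the Response Authenticator check with the shared secret rejects it. The same secret is what let Wireshark show the User-Password fields decrypted above, so it and the path to the RADIUS server need the same protection as the role mapping itself.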