Info on Tacacs+ configuration required on F5 and Tacacs+ server

Question

Hi,&nbsp;
I am trying to do Tacacs+ authentication, authorization and accounting using F5
Already configured Tacacs+ server on F5 and trying to configure remote roles with custom attributes defined in TACACS+ client as well.&nbsp;
Is there any document which specifies exactly how to configure attributes both on TACACS server and on F5?
What role does Custom Attributes plays in TACACS+ AAA in F5?&nbsp;
Thanks,
Bhavik&nbsp;

jaikumar_f5 · Answer

Hope this article helps.&nbsp;
TACACS+ Remote Role Configuration for BIG-IP&nbsp;

bhavik_384677 · Answer

Hi Jai,&nbsp;
Thank you for the document. I have referred this document. I have configured the remote roles on the Tacplus server and client appropriately.&nbsp;
There is an option under System-&gt;users-&gt;User list in F5, there we can see All external users are provided with some role name, partition name and tmsh access required or denied.&nbsp;
When Tacacs+ authorization takes place, we could see in the accounting log always that the external user permissions are granted to any user logged in. We could not see the one we have configured as a custom attribute under Tacplus server.&nbsp;

Forum Discussion

Info on Tacacs+ configuration required on F5 and Tacacs+ server

2 Replies

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

Rewrite content in XML schema file.

Question regarding F5 Viprion Configuration Migration to VE.

Sending an HTTP request from iRule without delaying client requests

In F5 APM, how to include multiple DNS suffix?

Issue while migrating config from 4000s to r4600

Related Content

TACACS+ Remote Role Configuration for BIG-IP

TACACS+ External Monitor (Python)

TACACS issue

F5 BIG-IP Advanced WAF – DOS profile configuration options.

Reminder: MFA now required to log in to DevCentral

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS