Forum Discussion

JN's avatar
JN
Icon for Nimbostratus rankNimbostratus
Oct 09, 2014

LTM authenticating to TACACS - role group or no?

To start, yes I've seen some of the other threads about this, but they're pretty legacy at this point (I'm on 11.x). Plus they talk about setting up tacacs on the f5 itself, not connecting to anothe...
JN's avatar
JN
Icon for Nimbostratus rankNimbostratus
Oct 09, 2014

Ok I lied...kinda. After more testing it seems the perms are controlled by the role group. You can't configure tacacs.net to send back the role or partition. And if you remove the role groups completely, it just grants everyone admin perms.

 

Shaggy - to answer, I put this line in the role group F5-LTM-User-Info-1= "whatever name you want".

 

It looks like the LTM compares this name to the same name on the tac server and then uses the role group perms if there is a match.