Forum Discussion
getnyce_157084
Nimbostratus
NimbostratusMultiple AAA authetication groups to TACACS
Currently I authenticate to a TACACS for my read/write account. Anyone who needs to manage the LTM will be added to that group. However I need to give auditor access to a group of users. When I gr...
You need to use remote role with your TACACS+ server. Essentially this involves setting up remote roles and eliminating local user accounts. There have been several threads lately about remote authentication via TACACS+ lately. Here's one:
https://devcentral.f5.com/questions/how-to-configure-tacacs-on-cisco-acs-53-for-authenticate-administrative-users-on-ltm-1120
Also, here is some info regarding remote role:
http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-implementations-11-1-0/16.html
Cory_50405
Noctilucent
NoctilucentYou need to use remote role with your TACACS+ server. Essentially this involves setting up remote roles and eliminating local user accounts. There have been several threads lately about remote authentication via TACACS+ lately. Here's one:
https://devcentral.f5.com/questions/how-to-configure-tacacs-on-cisco-acs-53-for-authenticate-administrative-users-on-ltm-1120
Also, here is some info regarding remote role:
http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-implementations-11-1-0/16.html
getnyce_157084Nimbostratus
NimbostratusCory,
The F5 configuration seems straight forward. Unfortunately is the ACS side of things i'm struggling with. I'm running 5.3 ACS, can you point me to any doc's that show me step by step out to configure the ACS side of the house for remote role. I have been searching the net but I seem to find only 4.2 docs.