Forum Discussion
Multiple AAA authentication groups to TACACS
Currently I authenticate to a TACACS for my read/write account. Anyone who needs to manage the LTM will be added to that group. However, I need to give auditor access to a group of users. When I create a local account it doesn't allow me to add a password. I can't add them to the group that I'm in because they will have too much access. How do I get the LTM to authenticate a group of users with an auditor role?
You need to use remote role with your TACACS+ server. Essentially this involves setting up remote roles and eliminating local user accounts. There have been several threads lately about remote authentication via TACACS+. Here's one:
https://devcentral.f5.com/questions/how-to-configure-tacacs-on-cisco-acs-53-for-authenticate-administrative-users-on-ltm-1120
Also, here is some info regarding remote role:
http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-implementations-11-1-0/16.html
- getnyce_157084 (Nimbostratus)
Thank you. I will look over this and give it a shot.
- ZenCentral (Nimbostratus)
Did you find out how to define multiple partitions to one user?
- Walter_Kacynski (Cirrostratus)
Is it possible to use this method to map multiple partitions to a single user? It seems that when using locally defined users, a user can only be given access to 1 partition or all partitions. I wish to have a user access two named partitions and not Common. Thank you.
- Cory_50405 (Noctilucent)
The relevant logging should be in ACS. Check out the failed TACACS authentications report. Feel free to post configs here for review.