Forum Discussion
Sridhar_85851
Nimbostratus
NimbostratusRADIUS auth and then let back-end system handle LDAP based auth.
Does anyone have a sample for how to configure such that:
1. the BigIP authenticates against RADIUS (SecureID token based authentication against RSA ACE server via RADIUS)
2. Subsequently the back-end system (that the BigIP is passing traffic to after auth.) access needs to be gained by supplying a second set of LDAP credentials. The BigIP should not mediate gathering these credentials.
As it is currently configured, the issue I am observing is that the first auth. works fine (using SecurID token auth. via RADIUS) but when the back-end system queries for LDAP credentials, the BigIP is mediating the query as well and when the LDAP credentials are supplied, BigIP tries to authenticate them via RADIUS - which fails because it is a different set of credentials and rejects application access to the user.
Any tips/samples on how to configure the BigIP for this scenario.
hoolioCirrostratus
Hi,When the back-end system queries for LDAP credentials, the BigIP is mediating the query as well and when the LDAP credentials are supplied, BigIP tries to authenticate them via RADIUS
Can you clarify the issue? Is the backend system originating a connection to the virtual server which has the RADIUS client auth profile configured? How are you identifying the problem as LTM taking the LDAP auth and trying to authenticate them via RADIUS?
Thanks,
Aaron