Forum Discussion

sandy16's avatar
Icon for Altostratus rankAltostratus
Dec 12, 2023

Radius Authentication and remote Role-groups

Hi F5 Experts, I am trying to do Radius authentication on the F5 and need some information on the remote role groups. We are using windows NPS as the Radius server which talks to Active directory for AD-groups.

Plan is not to use any VSAs (vendor specific attributes) to make this work. (Preferred option).

The ask is simple - have two AD-Groups for F5 authentication, one for admin(RW) and other for guest (RO).

My Questions are:

1.  Do I also need to create these two remote-role-groups on the F5 under Users> Remote Role Groups and assign them the "Administrator" and "Guest" role and match them exactly as to their names in AD? 

2. Will this work without the VSAs?

I am unable to find a document that provides this end to end information.