Radius Authentication and remote Role-groups

Question

Hi F5 Experts, I am trying to do Radius authentication on the F5 and need some information on the remote role groups. We are using windows NPS as the Radius server which talks to Active directory for AD-groups.

Plan is not to use any VSAs (vendor specific attributes) to make this work. (Preferred option).

The ask is simple - have two AD-Groups for F5 authentication, one for admin(RW) and other for guest (RO).

My Questions are:

1. Do I also need to create these two remote-role-groups on the F5 under Users> Remote Role Groups and assign them the "Administrator" and "Guest" role and match them exactly as to their names in AD?

2. Will this work without the VSAs?

I am unable to find a document that provides this end to end information.

Thx

f5_design_engineer · Answer

Hi Sandy16,
You can refer this link as it is the closest match to your requirement, instead of AD it is using Azure AD that you can tweak to understand ,&nbsp;
https://github.com/RZomerman/F5/blob/master/f5-radius-nps.md
Hope this Helps
🙏

Forum Discussion

Radius Authentication and remote Role-groups

Recent Discussions

BIG-IP SysLog appearing in ossec.log

MAC address of deleted VS IP address still responsive

Different common name ssl acces 403 forbiddent

TMSH Command to list ASM policies not attached to any virtual servers in all partitions

dynamic signature detection

Related Content

RADIUS server authenticating user with Google Authenticator

RADIUS server using APM to authenticate users

RADIUS authentication using iRulesLX

RADIUS authentication packet manipulation library

F5OS RSeries Appliance Radius user Authentication Issues

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS