

Mathew_58740
Jul 24, 2014

Radius Authentication

Hi,

We have F5 configured with three partitions. We are using Juniper as the RADIUS server (IC6500); authentication is working fine, but the user is able to access all partitions.

The requirement is as below:

We have to limit each user to access only one partition.

Thanks

3 Replies

  • I've only done this with TACACS+ and a Cisco ACS server, but I think the general idea is about the same, and is hopefully helpful.


    First, you need to create remote roles on the F5 for each role you want to create. When you create the role, you designate which F5 role they get (admin, guest and so on), and which partition they have access to. You also need to fill in the Attribute String, which is the RADIUS attribute you are going to use to designate that a user gets this role. For me, I use:


    F5-LTM-User-Info-1=role-name in the Attribute String field, where role-name is just a string that identifies this role.


    After that you will need to import the F5 vendor-specific attributes into your RADIUS server, and then send the F5-LTM-User-Info-1 attribute with the value role-name for each user.


    When the login request comes through, the F5 will see the F5-LTM-User-Info-1 attribute and map the user to the proper remote role group, which defines the partition access.


    • Mathew_58740
      I tried that, and what I am facing issues with is this: if I create the same user ID in F5, it works and authenticates with the RADIUS server. If the user is not created locally, it's not working.
    • mimlo_61970
      It sounds like the F5-LTM-User-Info-1 attribute is either not being sent, or not matching a remote role group on the F5. Sorry, I can't offer much help with regard to setting up Juniper RADIUS to send the proper responses, but I would start by looking there.
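As an added, worked version of the procedure in the first reply (not from the original thread, and not F5's or Juniper's own documentation), the tmsh configuration below defines one remote role per partition on the BIG-IP, selected by the F5-LTM-User-Info-1 RADIUS attribute. Partition names (Partition_A/B/C), the role-name strings and the user names are assumptions. The Juniper IC6500 side is not shown because its configuration syntax is not covered by the thread; the reply-attribute illustration in the trailing comment uses FreeRADIUS "users" file syntax instead. Keyword spellings such as "console disable" should be checked against the tmsh reference for your BIG-IP version. Two points the thread does not spell out: F5-LTM-User-Info-1 is the F5 vendor-specific attribute (vendor ID 3375, attribute 3, type string), and the administrator, resource-admin and auditor roles require the All partition, so a role restricted to a single partition has to use another role (manager is used here). Setting default-role to no-access makes the setup fail closed: a user whose Access-Accept carries no matching attribute is denied rather than landing in a default role with a default partition.

```tmsh
# Added example, not from the original thread.
# One BIG-IP remote role per partition, chosen by the F5-LTM-User-Info-1
# RADIUS VSA (vendor 3375, attribute 3, string).
# Partition names, role-name strings and user names are assumptions.

# Fail closed: a remote user whose Access-Accept carries no matching
# attribute gets no role and no console instead of a default partition.
modify auth remote-user default-role no-access remote-console-access disabled

# The attribute string must match exactly what the RADIUS server returns.
# Lowest line-order is evaluated first; the first matching role wins.
# administrator, resource-admin and auditor require user-partition All,
# so a single-partition role must be manager, operator, guest, etc.
create auth remote-role role-info partA-managers attribute "F5-LTM-User-Info-1=partA-managers" role manager user-partition Partition_A console disable line-order 1
create auth remote-role role-info partB-managers attribute "F5-LTM-User-Info-1=partB-managers" role manager user-partition Partition_B console disable line-order 2
create auth remote-role role-info partC-managers attribute "F5-LTM-User-Info-1=partC-managers" role manager user-partition Partition_C console disable line-order 3

# Optional: a role for the few people who need all partitions.
create auth remote-role role-info ltm-admins attribute "F5-LTM-User-Info-1=ltm-admins" role administrator user-partition All console enable line-order 10

save sys config

# Verify the role table, then log in as a RADIUS-only user and check the
# assigned role/partition in /var/log/secure:
#   list auth remote-role

# RADIUS side, shown in FreeRADIUS "users" syntax only as an illustration
# (the thread's IC6500 is configured differently). The server's dictionary
# must define VENDOR 3375 with ATTRIBUTE F5-LTM-User-Info-1 3 string, and
# each user's Access-Accept must carry exactly one of the strings above:
#
#   alice   Cleartext-Password := "example"
#           F5-LTM-User-Info-1 = "partA-managers"
#
#   bob     Cleartext-Password := "example"
#           F5-LTM-User-Info-1 = "partB-managers"
```

A user who authenticates but whose reply carries a string that matches none of the role-info entries falls through to default-role no-access, which is the symptom to look for when a RADIUS-only account is rejected while a locally defined account with the same name still works: the local account is authorizing the session, not the RADIUS attribute.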