For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Mathew_58740's avatar
Mathew_58740
Icon for Nimbostratus rankNimbostratus
Jul 24, 2014

Radius Authentication

HI   We have F5 Configured with three partition.we are using juniper as radius server(IC6500)authentication is working fine.but the user is able to access all partitions.   Requirement is as b...
mimlo_61970's avatar
mimlo_61970
Icon for Cumulonimbus rankCumulonimbus
Jul 25, 2014

I've only done this with tacacs+ and a Cisco ACS server, but I think the general idea is about the same, and is hopefully helpful.

 

First, you need to create remote roles on the F5 for each role you want to create. When you create the role, you designated what F5 role they get(admin, guest and so on), and to what partition they have access to. You also need to fill in the Attribute String, which is the radius attribute you are going to use designate a user gets this role. For me, I use:

 

F5-LTM-User-Info-1=role-name in the Attribute String field, where role-name is just a string that identifies this role.

 

After that you will need to import the F5 vendor-specific attributes into your radius server, and then send the F5-LTM-User-Info-1 attribute with the value of role-name for each user.

 

When the login requests comes through, the F5 will see the F5-LTM-User-Info-1 attribute and map them to the proper remote role group, which defines the partition access.

 

mimlo_61970's avatar
mimlo_61970
Icon for Cumulonimbus rankCumulonimbus
Aug 14, 2014
It sounds like the F5-LTM-User-Info-1 attribute is either not being sent, or not matching a remote role group on the F5. Sorry, I can't offer much help in regards to setting up Juniper Radius to send the proper responses, but I would start by looking there.