rolf
Nov 29, 2010

RADIUS Authorization / bash console?

Hi,

We're using RADIUS for Authorization. For Administrators, we provide the following Attributes to the LTM:

F5-LTM-User-Role Administrator
F5-LTM-User-Info-1 rw
F5-LTM-User-Partition Common
F5-LTM-User-Shell bpsh

Remote Role Configuration on LTM:

    remoterole {
        role info xy-admin {
            attribute "F5-LTM-User-Info-1=rw"
            console "%F5-LTM-User-Shell"
            line order 2
            role "%F5-LTM-User-Role"
            user partition "%F5-LTM-User-Partition"
        }
    }

With this configuration everything works fine, but we're not able to set the console to bash. We tried the following:

'bash'
'/bin/bash'

Is there a way to set the console attribute to a custom shell except tmsh/bpsh?

(We're aware that using '!/bin/bash' within bpsh starts a bash with superuser rights, but we prefer a direct shell configuration with the console attribute).

Any ideas?

Thanks, Rolf

2 Replies

  • hoolio
    Hi Rolf,

    See this recent post for details on this scenario:

    bash shell w/ TACACS+ authorisation
    http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/aff/31/afv/topic/aft/1172098/afc/1198741/Default.aspx

    Aaron
  • Hi Aaron,

    Thanks a lot for your fast answer.

    I think we will stay with '!/bin/bash'....

    Rolf