Forum Discussion
Cory_50405 (Noctilucent), Dec 22, 2011
remoterole and TACACS
Our organization has F5 LTMs deployed and we are trying to eliminate the need to define accounts local to the device. We currently have Cisco ACS servers configured with user accounts and we are trying to get the LTMs configured to pull authentication and authorization information from these ACS boxes.
We currently have this remoterole defined in our LTMs:
    role info adm {
        attribute "F5-LTM-User-Info-1=adm"
        role "administrator"
        console "enable"
        deny disable
        line order 1
        user partition "all"
    }
And this group created on our ACS server:
"Full Access"
Under TACACS+ settings, we have the PPP IP option checked, and the custom attributes box checked with F5-LTM-User-Info-1=adm defined as a custom attribute.
Does the name of the ACS group need to match the role info name on the LTM? It doesn't appear the LTM will accept spaces as part of the role info name.
Thanks,
Cory
- hoolio (Cirrostratus): Hi Cory,