Forum Discussion
Restricting AD Authentication to Authorized Users Only
- Oct 24, 2017
The fix to my problem was the settings under "External Users". This group of settings has three settings: Role, Partition Access, and Terminal Access. It looks like these settings control the access restrictions that will apply by default to anyone that is able to authenticate to the remote authenticating server, in my case, the DC.
By default this setting is set to "No Access", but it looks like it was changed in my configuration, which is why any domain user was able to log in with Administrator rights. My current settings are (Access Restriction is working):
Role: No Access
Partition: All
Terminal Access: Disabled
Thanks again.
Hugo
Hi Hugo,
Take a look at the "Login LDAP Attribute" option or the "Remote Role Groups" configuration.
The "Login LDAP Attribute" option allows you to map the individual AD users to a given local user object. By doing so, the individual AD users will inherit the permissions of the local user object, so that the default permission for authenticated AD users can be set to "No Access".
The "Remote Role Groups" configuration allows you to fetch and map the group memberships from AD, so that a member of a given group gets elevated access rights compared to the default permission for authenticated AD users (aka "No Access" again).
Cheers, Kai
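The model described in this thread (External Users default to "No Access", with elevation only through mapped groups) can be checked against an exported configuration. The following is an added example, not code from the thread or from F5; the stanza layout and key names (`auth remote-user`, `default-role`, `remote-console-access`, `auth remote-role`, `role-info`) are assumptions modeled on tmsh-style output, and the sample values are constructed.

```python
# Constructed sample in a tmsh-style stanza layout (assumed key names);
# the group name and DN are placeholders, not values from the thread.
SAMPLE = """
auth remote-user {
    default-partition all
    default-role admin
    remote-console-access tmsh
}
auth remote-role {
    role-info {
        bigip_admins {
            attribute memberOF=CN=BIGIP-Admins,DC=example,DC=com
            role administrator
        }
    }
}
"""

def parse(text):
    """Parse brace-delimited stanzas into nested dicts."""
    root = cur = {}
    stack = []
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("{"):
            stack.append(cur)
            cur = cur.setdefault(line[:-1].strip(), {})
        elif line == "}":
            cur = stack.pop()
        elif line:
            key, _, value = line.partition(" ")
            cur[key] = value.strip()
    return root

def audit(text):
    """Return (findings, group->role map) for the remote-auth settings."""
    cfg = parse(text)
    ext = cfg.get("auth remote-user", {})
    findings = []
    # Absent keys are treated as the restrictive default (assumption).
    role = ext.get("default-role", "no-access")
    if role != "no-access":
        findings.append(f"External Users role is '{role}': every authenticated directory user receives it")
    if ext.get("remote-console-access", "disabled") != "disabled":
        findings.append("External Users terminal access is enabled by default")
    groups = cfg.get("auth remote-role", {}).get("role-info", {})
    return findings, {name: g.get("role") for name, g in groups.items()}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The returned group-to-role map lists the only paths that should grant more than "No Access", which makes it a convenient artifact to review alongside AD group membership.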