v11 Tacacs Authorization

Question

Hello,&nbsp;
&nbsp;I'm not able to get Tacacs authorization working with v11.1.  I've followed these guides:&nbsp;&nbsp;&nbsp;
https://devcentral.f5.com/Default.aspx?tabid=63&amp;articleType=ArticleView&amp;articleId=2316
&nbsp;&nbsp;
http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_implementation/sol_mgmt_auth.html1022039&nbsp;
&nbsp;I've created the remoteroles through the GUI and setup the custom attribute through our Cisco ACS 4.2 server.&nbsp;
&nbsp;Made sure I'm using service PPP and protocol IP and I put the custom attributes in the PPP IP section of the Tacacs+ settings in ACS.&nbsp;
&nbsp;"F5-LTM-User-Info-1=SysAdm" and I created the SysAdm remoterole with the identical attribue.&nbsp;
&nbsp;BIG-IP 11.1.0 Build 1943.0 Final&nbsp;
&nbsp;The weird thing is the error I see in ACS.  "No IP address allocation method defined for user".  I can't find anything similar in the forums.  Has anyone gotten Tacacs working with v11?  This is a fresh install and new F5 3600.&nbsp;
&nbsp;Tyler&nbsp;

jklemm2000 · Answer

&nbsp;I had the same issue.  If you look at the ACS server logs "No IP address
 allocation method defined for user."  To fix this go to Group 
settings/Pick the group you want to grant remote tacacs to/Select the 
radio button for "Assigned by Dialup client"&nbsp;&nbsp;&nbsp;

Forum Discussion

v11 Tacacs Authorization

Recent Discussions

F5 to read a combined CRL file

how to whitelist new source IP on F5 web UI access

Upgrade F5 BIGIP

ISP Load Balancing, SNAT pool instead of Automap link self-ip, anyway to do health check ?

MAC address of deleted VS IP address still responsive

Related Content

JWT authorization with NGINX Ingress Controller

TACACS issue

ProxyPass v10/v11

OWASP Tactical Access Defense Series: Broken Function Level Authorization (BFLA)

TACACS+ External Monitor (Python)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS