F5OS AD Integration

Question

I'm not usually the person that sets up the AD integration on our hosts.&nbsp; The person that normally configures it took one look at the new F5OS (1.4) and, well, I won't repeat their comment here.&nbsp; I figured how hard can it be.&nbsp; I think I'm reasonably smart and can follow instructions.&nbsp; I used to think I was resonably smart.&nbsp; Now I'm not so sure.&nbsp; I've configured authentication settings and server groups.&nbsp; Users is still only an option for local.&nbsp; &nbsp;

jim_mccarron · Answer

Leav97&nbsp;have a look at the following links they may give some more details you are looking for:
https://clouddocs.f5.com/training/community/rseries-training/html/rseries_security.html#remote-authentication
https://techdocs.f5.com/en-us/f5os-a-1-4-0/f5-rseries-systems-administration-configuration/title-user-mgmt.html#ldap-config-overview
&nbsp;

leslie_hubertus · Answer

Hi Leav97&nbsp;- can you please give more detail around your experience or problems you came across? I'm not seeing a question to answer, or specific feedback I can bring to the product team.&nbsp;

leav97 · Answer

Sure,&nbsp;How do I add an AD group for admin access?&nbsp;

leav97 · Answer

I've walked through the documentation several times.&nbsp; I have yet to find any information on how to add an AD group to admin access.

jim_mccarron · Answer

Leav97&nbsp;I am far from an Active Directory expert, but my understanding is that you have to have an AD group created with a GroupID of 9000 for F5OS admin users. Something like this inside AD:
&nbsp;
# Define some security groups
new-adgroup&nbsp;-name&nbsp;"f5os_admins"&nbsp;&nbsp;&nbsp;&nbsp;-GroupCategory&nbsp;Security&nbsp;-GroupScope&nbsp;Global&nbsp;-OtherAttributes&nbsp;@{'gidNumber'=9000}
new-adgroup&nbsp;-name&nbsp;"f5os_operators"&nbsp;-GroupCategory&nbsp;Security&nbsp;-GroupScope&nbsp;Global&nbsp;-OtherAttributes&nbsp;@{'gidNumber'=9001}
new-adgroup&nbsp;-name&nbsp;"f5os_users"&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-GroupCategory&nbsp;Security&nbsp;-GroupScope&nbsp;Global&nbsp;-OtherAttributes&nbsp;@{'gidNumber'=9002}
new-adgroup&nbsp;-name&nbsp;"f5os_limited"&nbsp;&nbsp;&nbsp;-GroupCategory&nbsp;Security&nbsp;-GroupScope&nbsp;Global&nbsp;-OtherAttributes&nbsp;@{'gidNumber'=9999}
&nbsp;
Is your question more on how to configure the AD side of things, or how to configure the F5OS side? Is there a specifc area where the docs are not clear or need more context on the F5OS side?

Forum Discussion

F5OS AD Integration

5 Replies

Recent Discussions

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

ASM instance creation

Can iRule mask the payload content on event logs of security

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

F5Access | MacOS Sonoma

Related Content

Cloud Docs - F5OS Technical Reference Materials

Exploring F5OS automation features on VELOS

Yubikey Authentication Modes and Azure AD integration via the APM

Making Mobile SDK Integration Ridiculously Easy with F5 XC Mobile SDK Integrator

F5OS migrate license