LTM TACACS Authorization

ENG-SEC_119629
Nimbostratus

I want external users to take their privilege from TACACS. Is the below valid for V11? I cannot apply the remote role command. I type tmsh then try to apply it but cannot; I'm not sure if it is applied in one line or multiple lines:

 

 

https://devcentral.f5.com/tech-tips...-tacacs-43

 

 

7 REPLIES

nitass
F5 Employee
e.g.

root@(ve11a)(cfg-sync Changes Pending)(Standby)(/Common)(tmos) show sys version

Sys::Version
Main Package
  Product  BIG-IP
  Version  11.3.0
  Build    2806.0
  Edition  Final
  Date     Tue Nov 13 22:34:00 PST 2012

root@(ve11a)(cfg-sync Changes Pending)(Standby)(/Common)(tmos) modify auth remote-role role-info add { admin { attribute "F5-LTM-User-Info-1=adm" role 0 user-partition all console tmsh deny disabled line-order 1 }}

root@(ve11a)(cfg-sync Changes Pending)(Standby)(/Common)(tmos) list auth remote-role
auth remote-role {
    role-info {
        admin {
            attribute F5-LTM-User-Info-1=adm
            console tmsh
            line-order 1
            role 0
            user-partition all
        }
    }
}
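A defender-side check on the mapping shown in the reply above, as an added example that is not part of the original posts or F5's own code: it parses `list auth remote-role` output and reports which TACACS+ attribute values map to broad access. The `readonly` entry, the function names, and the treatment of role 0 as the administrator role are assumptions.

```python
import re

# Constructed sample in `list auth remote-role` format. The "admin" entry is
# the one from the reply above; "readonly" is a made-up second entry.
SAMPLE = """auth remote-role { role-info {
    admin { attribute F5-LTM-User-Info-1=adm console tmsh line-order 1 role 0 user-partition all }
    readonly { attribute F5-LTM-User-Info-1=ro console disabled line-order 2 role 700 user-partition Common }
} }"""

def parse_remote_roles(text):
    """Return {entry name: {property: value}} from the role-info block."""
    toks = re.findall(r'"[^"]*"|[{}]|[^\s{}]+', text)
    if "role-info" not in toks:
        return {}
    i, entries = toks.index("role-info") + 2, {}   # skip 'role-info' and '{'
    while i < len(toks) and toks[i] != "}":
        name, props, i = toks[i], {}, i + 2        # entry name, then its '{'
        while i + 1 < len(toks) and toks[i] != "}":
            props[toks[i]] = toks[i + 1].strip('"')
            i += 2
        entries[name] = props
        i += 1                                     # step past the entry's '}'
    return entries

def audit(entries):
    """List entries that grant broad access, sorted by line-order."""
    findings = []
    for name, p in sorted(entries.items(), key=lambda kv: int(kv[1].get("line-order", 0))):
        reasons = []
        if p.get("role") == "0":                   # assumption: role 0 = administrator
            reasons.append("administrator role")
        if p.get("user-partition") == "all":
            reasons.append("all partitions")
        if p.get("console") == "tmsh":
            reasons.append("tmsh console access")
        if reasons:
            findings.append((name, p.get("attribute"), reasons))
    return findings

if __name__ == "__main__":
    for name, attribute, reasons in audit(parse_remote_roles(SAMPLE)):
        print(f"{name}: {attribute} -> {', '.join(reasons)}")
```

Each flagged attribute value is one the TACACS+ server should return only for accounts meant to hold that level of access.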

ENG-SEC_119629
Nimbostratus
thanks

Hi,

is it also possible to have the extended-shell in the attribute instead of tmsh? For me it seems extended-shell is not available in v11.x for users doing external authentication, am I right?

root@(ve11a)(cfg-sync Changes Pending)(Standby)(/Common)(tmos) list auth remote-role
auth remote-role {
    role-info {
        admin {
            attribute F5-LTM-User-Info-1=adm
            console tmsh
            line-order 1
            role 0
            user-partition all
        }
    }
}

Or is it somehow possible via the vendor-specific attribute F5-LTM-User-Console (from v10)?

Thank you very much

Regards

Lukas

 

nitass
F5 Employee
is this acceptable?

 

 

sol10272: Accessing the bash shell as a remotely authenticated user

 

http://support.f5.com/kb/en-us/solutions/public/10000/200/sol10272.html

Hi Nitass,

Yes, that's perfect! I was not aware of this command "run /util bash".

Thanks a lot

Regards

Lukas
