Forum Discussion
Also, what groups have you set up? And have you got the same config on your RADIUS server side?
I set it to No Access, and I can't log in anymore on that read-only account. I am trying to check with my colleague who handles the RADIUS part.
- Apr 25, 2022
OK, so what I think is happening is the following.
When the RADIUS response returns "F5-LTM-User-Info-1=mgmt",
it then takes the parameters "%F5-LTM-User-Role", "%F5-LTM-User-Partition" and "%F5-LTM-User-Shell", which have also been sent by the RADIUS server, and then fills in the variables as expected.
So in the KB's example all of the config is set inside the RADIUS server (the KB is showing FreeRADIUS as an example).
Below is my config, or a part of it. I just look for F5-LTM-User-Info-1=adm as an Attribute String coming back, and I set all of the variables important to me inside the F5 config. I feel that's personally more secure.
But what I think you need to look at now is what is coming back in from your RADIUS server: are the variables coming back in? Maybe even break it back to my example below and show you can change adm to something else, like, say, Guest, and change the Assigned Role to Guest and prove that the user gets Guest, for example?
Maybe the group list will be useful as well?
Have you followed the RADIUS tests on the RADIUS server as per the KB?
- Apr 25, 2022
OK, setting it to No Access will stop everything.
If you set it to Guest you'll get the equivalent read-only access.
But with the other setting, "Service Type", being set to auth only, you'll only get the account level set under "External User > Role" when you log in.
It won't even consider the roles you hopefully have configured under "Remote Role Groups". Could you send that as well?
The attributes that that calls out are important and need to be linked to what the RADIUS server sends.
- chocokoala, Apr 25, 2022, Altostratus
Hi, yes, when I set it to Guest, it really does make the account a guest.
We follow this article:
https://support.f5.com/csp/article/K14324#3
You can see the remote group we created (attached).