Forum Discussion
Hi yes, when i set it to guest, it does really makes the account as guest.
we follow this article:
https://support.f5.com/csp/article/K14324#3
You can see the remote group we created (attached)
Ok, So what i think is happening is the following.
When the radius reponce returns "F5-LTM-User-Info-1=mgmt"
It then takes the parameters "%F5-LTM-User-Role" "%F5-LTM-User-Partition" & "%F5-LTM-User-Shell" which have also been sent by the radius server and then fills in the variables as expected.
So in the KB's example all of the config is set inside the radius server. (the kb is showing freerasdius as an example)
Below is my config or a part of it, i just look for F5-LTM-User-Info-1=adm as a Attribute String coming back and i set all of the important variable to me inside the f5 config. I feel that's personally more secure.
But what i think you need to look at now is what is coming back in from your radius server, are the variables coming back in? Maybe even break it back to my example below and show you can change adm to something else like say Guest and change the Assigned Role to Guest and prove that user gets guest for example?
Maybe the group list will be useful as well?
Have you followed the radius tests on the radius server as per the kb?