F5 LTM Authentication Login

Hi Guys, I am implementing F5 MGMT Authentication and it works for my group, but it does not for another Domain Group.

How can I see the reason why the authentication failed in the F5 logs? I am currently not seeing anything.

Please kindly advise.

Thanks

Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Can you give a little more info on the kind of auth you are setting up? I suppose that you are setting up Remote Role groups and not local accounts? What system are you setting this auth against (AD, LDAP, TACACS, etc.)? Normally you should be able to see any attempts, either failed or successful, in System/Logs/Audit.

0
Comments on this Answer
Comment made 18-Oct-2016 by Edouard Zorrilla 397

Yes, I am using Remote Role groups and in fact it is working for a group in Active Directory that is global, but it does not for a group that is Domain Local. Let me verify the logs on the System/Audit.

1
Comment made 19-Oct-2016 by Edouard Zorrilla 397

I am using Active Directory authentication. I have one group already working; the other that I have added is not. The group working is Global in AD whereas the other is Domain Local (the one now working). The logs show that authentication failed in the system/log/audit.

1
Comment made 19-Oct-2016 by The Y 210

Not knowing your environment, a few things I'll start checking:

Verify if the directory tree for that group is correct. That will be the attribute string used on the F5 for that group.

Check the logs from the CLI: /var/log/secure

Check AD logs for the failed attempts.

That will give you most of the info you need to get this resolved.

0
Comment made 20-Oct-2016 by Edouard Zorrilla 397

I found the problem, and I fixed it. The problem was that the Remote Directory Tree did not include the user I was logging in with. Therefore, I can authenticate with any user in AD as long as I use the correct Remote Directory Tree.

Sounds good so far.

0
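The fix reported in the comment above was that the user's account did not sit under the configured Remote Directory Tree. As an added example (not part of the original thread and not F5 code), this Python check tests whether a user's distinguished name lies at or below a given search base, handling escaped commas and differences in case and spacing. All DNs are constructed sample values, and case-insensitive comparison is an assumption that matches how Active Directory treats standard naming attributes.

```python
# Added example: is a user's DN inside an LDAP search base?
# Every DN below is a constructed sample value, not taken from the thread.

def normalize_rdn(rdn):
    """Lower-case and trim around '=' so 'OU = Admins' equals 'ou=admins'."""
    attr, _, value = rdn.partition("=")
    return f"{attr.strip().lower()}={value.strip().lower()}"

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (backslash escapes kept)."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])   # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf))
    return [normalize_rdn(r) for r in rdns if r.strip()]

def in_scope(user_dn, base_dn):
    """True when user_dn is at or below base_dn (base is a suffix of the DN)."""
    user, base = split_dn(user_dn), split_dn(base_dn)
    return len(user) >= len(base) and user[len(user) - len(base):] == base

# Hypothetical search base standing in for the Remote Directory Tree setting.
BASE = "OU=Admins,DC=corp,DC=example,DC=com"

SAMPLE_USERS = [
    "CN=Alice,OU=Admins,DC=corp,DC=example,DC=com",
    "CN=Bob,OU=Staff,DC=corp,DC=example,DC=com",
    "cn=Smith\\, Carol, ou=admins, dc=corp, dc=example, dc=com",
]

if __name__ == "__main__":
    for dn in SAMPLE_USERS:
        print("in scope " if in_scope(dn, BASE) else "OUT OF SCOPE", dn)
```

A user reported as out of scope cannot be found by a search rooted at that base, which is the condition the comment above describes.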
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Now I have some users that are in another Domain2 which has a trusting relationship with the Domain F5 is joined with.

Will F5 MGMT be able to look for users that are in another Domain2 that has a trusting relationship with the Domain1 F5 is connected to?

0