Hi guys, I am implementing F5 MGMT authentication and it works for my group, but it does not for the other domain group.
How can I see the reason why the authentication failed in the F5 logs? I am currently not seeing anything.
Please kindly advise.
Can you give a little more info on the kind of auth you are setting up?
I suppose that you are setting up Remote Role groups and not local accounts? What system are you setting this auth up against (AD, LDAP, TACACS, etc.)?
Normally you should be able to see any attempts, either failed or successful, in System/Logs/Audit.
Yes, I am using Remote Role groups, and in fact it is working for a group in Active Directory that is Global, but it does not for a group that is Domain Local. Let me verify the logs in System/Audit.
I am using Active Directory authentication. I have one group already working; the other that I have added is not. The group working is Global in AD whereas the other is Domain Local (the one now working). The logs show that authentication failed in System/Logs/Audit.
Not knowing your environment, a few things I'll start checking:
Verify that the directory tree for that group is correct. That will be the attribute string used on the F5 for that group.
Check the logs from the CLI: /var/log/secure
Check AD logs for the failed attempts.
That will give you most of the info you need to get this resolved.
I found the problem, and I fixed it. The problem was that the Remote Directory Tree did not include the user I was logging in with. Therefore, I can authenticate with any user in AD as long as I use the correct Remote Directory Tree.
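Added example, not part of the original thread and not F5 code: a Python check of which user DNs fall outside a configured Remote Directory Tree, which is the root cause described in the post above. It assumes the lookup is a subtree search rooted at that base DN; the DNs and the names `BASE` and `USERS` are constructed for illustration.

```python
def split_dn(dn):
    """Split a DN into normalized (attr, value) RDNs on unescaped commas."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):  # keep an escaped char such as "\,"
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    rdns = []
    for part in parts:
        if part.strip():
            attr, _, value = part.partition("=")
            rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def in_search_base(user_dn, base_dn):
    """True if user_dn sits at or below base_dn, compared RDN by RDN."""
    user, base = split_dn(user_dn), split_dn(base_dn)
    return len(base) <= len(user) and user[len(user) - len(base):] == base


def outside_base(user_dns, base_dn):
    """Return the DNs a subtree search rooted at base_dn would never find."""
    return [dn for dn in user_dns if not in_search_base(dn, base_dn)]


# Constructed sample data (hypothetical names, not taken from the thread).
BASE = "OU=NetAdmins,DC=corp,DC=example"
USERS = [
    "CN=Alice,OU=NetAdmins,DC=corp,DC=example",
    "CN=Smith\\, Jo,OU=Tier2,OU=NetAdmins,DC=corp,DC=example",  # escaped comma
    "cn=carol, ou=netadmins, dc=corp, dc=example",  # case and spacing differ
    "CN=Bob,OU=Helpdesk,DC=corp,DC=example",  # sibling OU, outside the base
]

if __name__ == "__main__":
    for dn in outside_base(USERS, BASE):
        print("not under search base:", dn)
    print("outside the domain root:", outside_base(USERS, "DC=corp,DC=example"))
```

Run it against the DNs of the accounts that fail to log in: any DN it reports lies outside the configured tree, so the tree has to be moved up to a container that covers both the working and the failing users.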
Sounds good so far.
Now I have some users that are in another domain, Domain2, which has a trust relationship with the domain the F5 is joined to.
Will F5 MGMT be able to look for users that are in another Domain2 that has a trust relationship with the Domain1 the F5 is connected to?