Cory_50405
Dec 22, 2011
Noctilucent
remoterole and TACACS
Our organization has F5 LTMs deployed and we are trying to eliminate the need to define accounts local to the device. We currently have Cisco ACS servers configured with user accounts and we are trying to get the LTMs configured to pull authentication and authorization information from these ACS boxes.
We currently have this remoterole defined in our LTMs:
role info adm {
    attribute "F5-LTM-User-Info-1=adm"
    role "administrator"
    console "enable"
    deny disable
    line order 1
    user partition "all"
}
And this group created on our ACS server:
"Full Access"
Under TACACS+ settings, we have the PPP IP option checked, and the custom attributes box checked with F5-LTM-User-Info-1=adm defined as a custom attribute.
Does the name of the ACS group need to match the role info name on the LTM? It doesn't appear the LTM will accept spaces as part of the role info name.
Thanks,
Cory