Forum Discussion

dcpuser_21204
Jun 10, 2009

Baffled why authentication doesn't work with Cisco ACS

Has anyone successfully configured ACS 4.2 (talks to Active Directory) and F5 load balancer (BIG-IP 9.3.1 Build 37.1) to work together? I have the external server, port, key configured on the F5, and on the ACS I added just the Class field (OU=Groups,DC=localdomain,DC=local). On the ACS the logs indicate that authentication was successful; however, the F5 management page just hangs there until it kicks back another login prompt. Eventually it'll error out saying something about user not allowed access. Any thoughts?

3 Replies

  • It would help to capture tcpdumps of the authentication attempts and open a case with F5 Support for this.

    Aaron
  • I have been using Cisco ACS authentication with BigIP for quite some time without any problems. Did you create a local account on the F5 that matches the username you are trying to authenticate with on the ACS? I am sure this is not your problem, but make sure you are not trying to use the management interface on your F5 for your ACS traffic, since that is not supported.
  • You can only map users to one role account, i.e. Admin, in version 10. In version 9 you still have to add the users to the BIG-IP manually and also in ACS or Active Directory if you are using an external DB for authentication.