Forum Discussion

Sridhar_85851
Nimbostratus
Oct 28, 2009

RADIUS auth and then let back-end system handle LDAP based auth.

Does anyone have a sample for how to configure such that:

1. the BigIP authenticates against RADIUS (SecurID token based authentication against RSA ACE server via RADIUS)

2. Subsequently the back-end system (that the BigIP is passing traffic to after auth.) access needs to be gained by supplying a second set of LDAP credentials. The BigIP should not mediate gathering these credentials.

As it is currently configured, the issue I am observing is that the first auth. works fine (using SecurID token auth. via RADIUS) but when the back-end system queries for LDAP credentials, the BigIP is mediating the query as well and when the LDAP credentials are supplied, BigIP tries to authenticate them via RADIUS - which fails because it is a different set of credentials and rejects application access to the user.

Any tips/samples on how to configure the BigIP for this scenario?

1 Reply

  • Hi,

    When the back-end system queries for LDAP credentials, the BigIP is mediating the query as well and when the LDAP credentials are supplied, BigIP tries to authenticate them via RADIUS

    Can you clarify the issue? Is the backend system originating a connection to the virtual server which has the RADIUS client auth profile configured? How are you identifying the problem as LTM taking the LDAP auth and trying to authenticate them via RADIUS?

    Thanks,

    Aaron