Dynamic Roles with TACACS+ 4.1 and LTM 11.5.3
I want to dynamically assign roles via vendor-specific attributes in TACACS 4.1. Here is how I set up 11.5.3:
(/Common)(tmos) list auth remote-role role-info
auth remote-role {
    role-info {
        DC1 {
            attribute F5-LTM-User-Info-1=DC1
            line-order 2
            role %F5-LTM-User-Role
            user-partition all
        }
    }
}
On the TACACS ==> Groups ==> TACACS Settings ==> Custom attributes:
F5-LTM-User-Info-1=DC1
F5-LTM-User-Role=400
When I tail -f /var/log/secure, I see the user getting assigned the administrator role.
Jan 19 21:48:54 dti-f5ve-bigip01 notice httpd[15771]: 01070417:5: AUDIT - user da_gxcave - RAW: httpd(mod_auth_pam): user=da_gxcave(da_gxcave) partition=[All] level=Administrator tty=/usr/bin/tmsh host=165.249.239.22 attempts=1 start="Tue Jan 19 21:35:45 2016" end="Tue Jan 19 21:48:54 2016"
Anyone have any insight into this?
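A way to check role assignment from the audit log instead of reading it by eye, as an added example that is not part of the original post: it parses mod_auth_pam AUDIT records in the format shown above and reports logins whose assigned level differs from what was intended. The sample lines, user names, addresses and the `EXPECTED` mapping are constructed for illustration.

```python
import re

# Field layout taken from the mod_auth_pam AUDIT record quoted in the post.
AUDIT_RE = re.compile(
    r"AUDIT - user \S+ - RAW: \S+\(mod_auth_pam\): "
    r"user=(?P<user>[^(\s]+)\([^)]*\) partition=\[(?P<partition>[^\]]*)\] "
    r"level=(?P<level>.+?) tty=(?P<tty>\S+) host=(?P<host>\S+)"
)

def parse_audit(line):
    """Return user/partition/level/tty/host for an AUDIT record, else None."""
    m = AUDIT_RE.search(line)
    return m.groupdict() if m else None

def role_mismatches(lines, expected):
    """List logins whose assigned level differs from the intended one.

    `expected` maps user name -> level name (a hypothetical table kept by the
    operator). Users missing from it are reported with expected=None.
    """
    findings = []
    for line in lines:
        rec = parse_audit(line)
        if rec is None:
            continue  # not a mod_auth_pam AUDIT record
        want = expected.get(rec["user"])
        if want is None or want.lower() != rec["level"].lower():
            findings.append((rec["user"], want, rec["level"], rec["host"]))
    return findings

# Constructed sample input; addresses are from the documentation range.
PREFIX = "Jan 19 21:48:54 bigip01 notice httpd[15771]: 01070417:5: "
SAMPLE_LINES = [
    PREFIX + "AUDIT - user alice - RAW: httpd(mod_auth_pam): user=alice(alice) "
    "partition=[All] level=Administrator tty=/usr/bin/tmsh host=192.0.2.10 attempts=1",
    PREFIX + "AUDIT - user bob - RAW: httpd(mod_auth_pam): user=bob(bob) "
    "partition=[All] level=Operator tty=/usr/bin/tmsh host=192.0.2.11 attempts=1",
    "Jan 19 21:50:01 bigip01 notice sshd[2201]: unrelated line",
]
EXPECTED = {"alice": "Operator", "bob": "Operator"}  # assumed intent

if __name__ == "__main__":
    for user, want, got, host in role_mismatches(SAMPLE_LINES, EXPECTED):
        print(f"{user} from {host}: expected {want}, assigned {got}")
```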