Forum Discussion

rolf's avatar
rolf
Icon for Cirrus rankCirrus
Nov 29, 2010

RADIUS Authorization / bash console?

Hi,

 

 

We're using RADIUS for Authorization. For Administrators, we provide the following Attributes to the LTM:

 

 

F5-LTM-User-Role Administrator

 

F5-LTM-User-Info-1 rw

 

F5-LTM-User-Partition Common

 

F5-LTM-User-Shell bpsh

 

 

Remote Role Configuration on LTM:

 

remoterole {

 

role info xy-admin {

 

attribute "F5-LTM-User-Info-1=rw"

 

console "%F5-LTM-User-Shell"

 

line order 2

 

role "%F5-LTM-User-Role"

 

user partition "%F5-LTM-User-Partition"

 

}

 

}

 

 

 

With this configuration everything works fine, but we're not able to set the console to bash. We tried the following:

 

'bash'

 

'/bin/bash'

 

 

Is there a way to set the console attribute to a custom shell exept tmsh/bpsh?

 

(We're aware, that using '!/bin/bash' within bpsh starts a bash with superuser rights, but we prefer a direct shell configuration with the console attribute).

 

 

Any Ideas?

 

Thanks, Rolf

 

config
design

2 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Nov 29, 2010
    Hi Rolf,

     

     

    See this recent post for details on this scenario:

     

     

    bash shell w/ TACACS+ authorisation

     

    http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/aff/31/afv/topic/aft/1172098/afc/1198741/Default.aspx

     

     

    Aaron
  • rolf's avatar
    rolf
    Icon for Cirrus rankCirrus
    Nov 29, 2010
    Hi Aaron,

     

     

    thank's a lot for your fast answer.

     

    I think we will stay with '!/bin/bash'....

     

     

    Rolf