Forum Discussion

Nimbostratus

Apr 15, 2014

tacacs attibute value pair settings for remote role attributes

Hi, I've read Sol8811 and sol8808 and articles https://devcentral.f5.com/articles/v10-remote-authorization-via-tacacs-43.U0yHO_mulsE http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/produc...

application delivery

authorization

BIG-IP Access Policy Manager (APM)

Noctilucent

Apr 16, 2014

I believe the attribute within ACS needs to be populated under the group configuration, shell profiles section. There's a pane for attributes and it should be populated with the same attribute as you put in the corresponding remote role within the BIG-IP.

For example, our attribute for administrators is F5-LTM-User-Role-1=adm. This goes in the custom attributes under the shell profile section of ACS as well as your remote role configuration as the attribute string.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)