Forum Discussion

KJ_50941
Jun 02, 2010

Configuring LTM with CISCO ACS for TACACS+ authorization

Hi all,

I am trying to set up an LTM 6400 running version 10.0 for authentication with F5. On the F5 I have this remote role:


    remoterole {
        role info ndm {
            attribute "F5-LTM-User-Info-1=ndm"
            console "enable"
            deny disable
            line order 1
            role "administrator"
            user partition "all"
        }
    }


Under the F5 GUI I configured it as follows:

1. On the F5 boxes, enable TACACS+ remote authentication. We did not create any local users and simply used remote group definitions on the ACS server.
   Servers: x.x.x.x
   Secret: xxxx
   Encryption: Enabled
   Service Name: ppp
   Protocol Name: ip
   Authentication: Authenticate to first server
   Accounting Information: Send to first available server
   Debug Logging: Enabled
   External Users Role: No Access
   Partition Access: All
   Terminal Access: Disabled


On the ACS server, I modified the existing group Netadm and Ops configurations. You can add the F5 devices under Network Configuration in the correct Network Device Group; make sure the key matches the secret specified in the TACACS+ authentication section above, choose TACACS+ (CISCO IOS) from the Authenticate Using drop-down list, and check Single Connect TACACS+ AAA Client.

- Under Group Setup/Edit Settings/TACACS+ Settings, check "PPP IP" and Custom Attributes, and add:

    F5-LTM-User-Info-1=ndm


Please help!

Group ndm is already defined under ACS as the admin role; however, when I log on I am getting read only. It seems that the remote role doesn't work.

1 Reply

  • In order to authenticate and authorize access to the system, System/Users/Authentication needs to be configured correctly.

    Attention: Even though the Service Name and Protocol Name options show the following, never use: Service Name: ppp, Protocol Name: ip.

    Doing this will affect the behaviour of the ACS server dramatically, because it will never send back the custom attribute at group level, although at user level it would.
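The thread turns on one thing: whether the TACACS+ authorization REPLY that reaches the BIG-IP actually carries the "F5-LTM-User-Info-1=ndm" attribute-value pair, and whether that string matches a line in the remoterole table (otherwise the External Users Role fallback applies, which is what a read-only or no-access login looks like). The following is an added example, not code from the original post or from F5 or Cisco: it builds an authorization REPLY in the RFC 8907 wire layout (with the MD5 pseudo-pad body obfuscation), decodes it the way a client would, and applies the remote-role matching implied by the poster's stanza. The shared secret, session id and AV pairs are constructed test data; the role table mirrors the post; the "No Access" fallback mirrors the GUI setting the poster listed.

```python
"""Added example (not from the original thread): TACACS+ authorization REPLY
encode/decode per RFC 8907 layout, plus remote-role matching in `line order`.
Secret, session id and AV pairs below are constructed test data."""
import hashlib
import struct

TAC_PLUS_AUTHOR = 0x02                   # header "type" for authorization packets
TAC_PLUS_UNENCRYPTED_FLAG = 0x01
TAC_PLUS_AUTHOR_STATUS_PASS_ADD = 0x01
TAC_PLUS_AUTHOR_STATUS_FAIL = 0x10
HEADER = "!BBBBII"                       # version, type, seq_no, flags, session_id, length


def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 5.2 body obfuscation: chained MD5 over session_id|key|version|seq_no."""
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(struct.pack("!I", session_id) + key
                           + bytes([version, seq_no]) + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body, session_id, key, version, seq_no):
    """XOR the body with the pad; the same call de-obfuscates."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_author_reply(status, args, session_id, key, seq_no=2, version=0xC0):
    """Server side: an authorization REPLY carrying the given AV pairs as args."""
    encoded = [a.encode("ascii") for a in args]
    if any(len(a) > 255 for a in encoded):
        raise ValueError("a TACACS+ arg length is a single byte")
    server_msg = data = b""
    body = struct.pack("!BBHH", status, len(encoded), len(server_msg), len(data))
    body += bytes(len(a) for a in encoded) + server_msg + data + b"".join(encoded)
    header = struct.pack(HEADER, version, TAC_PLUS_AUTHOR, seq_no, 0, session_id, len(body))
    return header + obfuscate(body, session_id, key, version, seq_no)


def parse_author_reply(packet, key):
    """Client (BIG-IP) side: returns (status, [AV pairs]). A wrong shared secret
    produces garbage lengths, reported as ValueError rather than an empty role."""
    version, ptype, seq_no, flags, session_id, length = struct.unpack(HEADER, packet[:12])
    if ptype != TAC_PLUS_AUTHOR or len(packet) != 12 + length:
        raise ValueError("not a complete authorization packet")
    body = packet[12:]
    if not flags & TAC_PLUS_UNENCRYPTED_FLAG:
        body = obfuscate(body, session_id, key, version, seq_no)
    status, arg_cnt, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    arg_lens = list(body[6:6 + arg_cnt])
    off = 6 + arg_cnt + msg_len + data_len
    if len(arg_lens) != arg_cnt or off + sum(arg_lens) != len(body):
        raise ValueError("argument lengths do not cover the body (wrong secret?)")
    args = []
    for n in arg_lens:
        args.append(body[off:off + n].decode("ascii"))
        off += n
    return status, args


def normalize_av(av):
    """The first '=' (mandatory) or '*' (optional) separates attribute and value."""
    for i, ch in enumerate(av):
        if ch in "=*":
            return av[:i] + "=" + av[i + 1:]
    return av


# Mirrors the poster's remoterole stanza; entries are tried in `line order`.
REMOTE_ROLES = [
    {"name": "ndm", "line order": 1, "attribute": "F5-LTM-User-Info-1=ndm",
     "role": "administrator", "partition": "all", "console": "enable"},
]
# "External Users Role: No Access" from the poster's GUI settings (assumed fallback shape).
DEFAULT_EXTERNAL_ROLE = {"role": "No Access", "partition": "all", "console": "disable"}


def select_role(args, table=REMOTE_ROLES, default=DEFAULT_EXTERNAL_ROLE):
    """First entry (by line order) whose attribute string is in the reply wins;
    a reply without the attribute silently falls back to the external-user role."""
    present = {normalize_av(a) for a in args}
    for entry in sorted(table, key=lambda e: e["line order"]):
        if normalize_av(entry["attribute"]) in present:
            return dict(entry)
    return dict(default)


def is_well_formed(packet, key):
    """Quick secret check: does the body decode to consistent lengths under this key?"""
    try:
        parse_author_reply(packet, key)
        return True
    except (ValueError, UnicodeDecodeError):
        return False


if __name__ == "__main__":
    KEY, SID = b"constructed-shared-secret", 0x1234ABCD
    with_attr = build_author_reply(TAC_PLUS_AUTHOR_STATUS_PASS_ADD,
                                   ["service=ppp", "protocol=ip", "F5-LTM-User-Info-1=ndm"], SID, KEY)
    print(select_role(parse_author_reply(with_attr, KEY)[1])["role"])   # administrator
    without = build_author_reply(TAC_PLUS_AUTHOR_STATUS_PASS_ADD, ["service=ppp", "protocol=ip"], SID, KEY)
    print(select_role(parse_author_reply(without, KEY)[1])["role"])     # No Access
    print(is_well_formed(with_attr, b"wrong-secret"))                   # False
```

The two replies differ only in whether the custom attribute is present, which is exactly the symptom in the thread: with it, the ndm line matches and the administrator role applies; without it, nothing matches and the External Users Role fallback is what the user gets. The wrong-secret check is the other failure the post's checklist mentions (the ACS key must match the F5 secret); with a mismatched key the body does not decode to consistent lengths.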