v11 Tacacs Authorization

Question

Hello,&nbsp;
&nbsp;I'm not able to get Tacacs authorization working with v11.1.  I've followed these guides:&nbsp;&nbsp;&nbsp;
https://devcentral.f5.com/Default.aspx?tabid=63&amp;articleType=ArticleView&amp;articleId=2316
&nbsp;&nbsp;
http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_implementation/sol_mgmt_auth.html1022039&nbsp;
&nbsp;I've created the remoteroles through the GUI and setup the custom attribute through our Cisco ACS 4.2 server.&nbsp;
&nbsp;Made sure I'm using service PPP and protocol IP and I put the custom attributes in the PPP IP section of the Tacacs+ settings in ACS.&nbsp;
&nbsp;"F5-LTM-User-Info-1=SysAdm" and I created the SysAdm remoterole with the identical attribue.&nbsp;
&nbsp;BIG-IP 11.1.0 Build 1943.0 Final&nbsp;
&nbsp;The weird thing is the error I see in ACS.  "No IP address allocation method defined for user".  I can't find anything similar in the forums.  Has anyone gotten Tacacs working with v11?  This is a fresh install and new F5 3600.&nbsp;
&nbsp;Tyler&nbsp;

jklemm2000 · Answer

&nbsp;I had the same issue.  If you look at the ACS server logs "No IP address
 allocation method defined for user."  To fix this go to Group 
settings/Pick the group you want to grant remote tacacs to/Select the 
radio button for "Assigned by Dialup client"&nbsp;&nbsp;&nbsp;

Forum Discussion

v11 Tacacs Authorization

1 Reply

Recent Discussions

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

JWT authorization with NGINX Ingress Controller

ProxyPass v10/v11

TACACS+ External Monitor (Python)

iRule - Authorization Bearer / Basic

OWASP Tactical Access Defense Series: Broken Object Property Level Authorization and BIG-IP APM