
Almassud_221797
Nov 13, 2015

Active Directory Authentication

Hi all,

Could anyone provide step-by-step instructions on how to set up F5 to authenticate against Active Directory? I found so many SOLs, but so far they aren't helping all that much, so if it's something you set up recently and know the steps, that would be fantastic.

MJ

4 Replies

  • Which products are you using: LTM? APM? ASM? Is the authentication for admin access to the BIG-IP, or for access to a server through the BIG-IP?
  • R_Marc
    # System LDAP object used for BIG-IP admin logins. "bindpw", the DNs, the
    # server name and the domain are placeholders; replace them with your own.
    create auth ldap system-auth { bind-dn "cn=bindaccount,ou=Service Accounts,ou=Some Users" bind-pw bindpw login-attribute samaccountname port ldaps search-base-dn "ou=Some Users" servers add { adserver } ssl enabled ssl-ca-cert-file CA.crt user-template %s@somedomain }
    # Map members of an AD group (matched on the user's memberOf value) to the
    # administrator role with tmsh console access in all partitions.
    modify /auth remote-role role-info add { Admin { attribute "memberOf=CN=administrator,OU=SomeOU Groups" console tmsh line-order 500 role administrator user-partition All } }
    # Switch the system authentication source to Active Directory.
    modify /auth source { type active-directory }

    This assumes you have a valid AD bind account and you have the DN of the remote role. You can look the roles up using AD tools.
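Added example, not code from the thread or from F5: a small Python helper that parses a tmsh remote-role role-info command like the one above and checks which role a user's LDAP memberOf values would map to, so a mismatched group DN in the attribute string can be spotted before opening a case. The config string and group DNs are constructed; treating the comparison as an exact string match is an assumption about how BIG-IP evaluates the attribute, not something the thread states.

```python
import shlex

# Constructed example config modelled on the thread's remote-role command
# (hypothetical group DNs, two entries so line-order matters).
ROLE_INFO = (
    'modify /auth remote-role role-info add { '
    'Admin { attribute "memberOf=CN=administrator,OU=SomeOU Groups" '
    'console tmsh line-order 500 role administrator user-partition All } '
    'Ops { attribute "memberOf=CN=netops,OU=SomeOU Groups" '
    'console disabled line-order 1000 role operator user-partition Common } }'
)


def parse_role_info(command):
    """Parse a tmsh 'remote-role role-info add { ... }' command into a list of
    {name, attribute, console, line-order, role, user-partition} dicts."""
    tokens = shlex.split(command)          # keeps the quoted attribute value whole
    roles = []
    i = tokens.index("add") + 2            # skip 'add {'
    while tokens[i] != "}":
        entry = {"name": tokens[i]}
        i += 2                             # skip the entry name and its '{'
        while tokens[i] != "}":            # flat key/value pairs inside the entry
            entry[tokens[i]] = tokens[i + 1]
            i += 2
        roles.append(entry)
        i += 1                             # skip the entry's closing '}'
    return roles


def _norm_dn(dn):
    # LDAP DNs compare case-insensitively; stray spaces after commas are common
    return ",".join(part.strip().lower() for part in dn.split(","))


def resolve_role(roles, user_attrs):
    """Return (role, reason) for the first entry, by line-order, whose
    'attribute=value' string exactly matches one of the user's LDAP values.
    user_attrs: {attribute_name: [values...]} as returned by an LDAP search.
    Assumption: BIG-IP wants an exact match, so a near match is reported as a
    likely cause of a failed login rather than accepted."""
    for entry in sorted(roles, key=lambda e: int(e["line-order"])):
        attr, expected = entry["attribute"].split("=", 1)
        values = user_attrs.get(attr, [])
        if expected in values:
            return entry["role"], "exact match on %s" % attr
        if _norm_dn(expected) in (_norm_dn(v) for v in values):
            return None, "near match on %s after DN normalisation; check case/spacing" % attr
    return None, "no role-info attribute matched; user gets no mapped role"
```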

  • Kevin,

    I am using LTM, and yes, this is going to be used for administrator logins so that we don't have to create users and passwords in the local database.

    R Marc, you're amazing and your syntax is dead on.

    However, I am still not able to log in with AD accounts for some reason, so I may have to go ahead and open a case with F5 and see if they can help with this.

    I will post the solution here after it's identified for the benefit of all fellow F5'ers.

    Thank you all very much.

    MJ

  • All, right after I posted my above comment, I went back and changed the settings a little and it worked. Thanks all for your help.

    Here's the working config: