Edouard_Zorrill
Nov 01, 2016

F5 MGMT Interface Authentication using Remote Directory Tree: Two Domain Lookup

Guys,

 

I have the Remote - Active Directory working just fine, no problem at all for users that are in Domain A. Bind DN belongs to a Domain A user.

 

Now, there is another Domain B where the F5 MGMT needs to look up users to be authenticated for OR access.

 

With the Remote Directory Tree, I can define only one path in one Domain.

 

How can I make F5 MGMT look for users in two domains? Users are in two domains: Domain A for Administrators and Domain B for OR access.

 

Please let me know, Thanks,

 

4 Replies

  • For Clarification --

     

    You need to set up access for F5 Mgmt users to access the F5 via another domain?

     

    Have you configured the F5 user access under the System Options area? (I don't have an F5 to give you the precise location, my memory is failing me right now haha!) You can specify the IP for the secondary domain's AD server and the DN of what container "group" the users reside in. You can set up the RBAC for the different groups of permissions. You will have to set a weight for the groups. The lowest number is the highest weighted.

     

    Or, are you talking about APM and the AAA / SSO authentications?

     

  • Hi Shaun, yes. The only option is one IP for the domain controller. What do you mean by specifying the IP for the secondary domain's AD server?

     

  • Secondary meaning, Domain B's PDC IP. You are correct there is only one IP that can be specified.

     

    I guess I am not following the type of access you have configured for Domain A. Are they F5 users, or do you have the F5 configured to authenticate users that access VIPs?

     

  • I can authenticate the Web MGMT via users on Domain A, and there is no option to add another Domain B. Hence, I will need to play with the remote role groups. Nope, no VIPs here; the scope is MGMT interface only.