Manual Chapter : Creating a RADIUS Authentication Configuration Profile
Applies To:Show Versions
- 17.1.0, 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0
Creating a RADIUS Authentication Configuration Profile
To configure the BIG-IP system as a RADIUS Authentication Server for privileged user access, create a RADIUS Authentication Configuration Profile in APM.
- On the Main tab, click.
- ForName, type a name for the RADIUS Authentication Configuration Profile.
- In theClientarea, from theAvailablelist, select the clients to associate with this profile and move them to theSelectedlist.You can add clients as needed by clicking+or using .
- ForShared Secret, type the RADIUS key used to secure communication between the RADIUS client and server.
- SelectEnable RADIUS Attributesto include privilege levels in the Attribute Value Pairs in the RADIUS response.If you do not configure any RADIUS Clients and this is enabled, Cisco is used as the default.
- ForRADIUS User Groups Session Variable, type the session variable that can be used to read RADIUS user groups. Default issession.custom.ephemeral.groupsand this needs to be specified in the access policy (in this example, it is added in the Variable Assign).The user groups provide information for calculating privilege levels in RADIUS Attribute Value Pairs. The system uses string comparison to match the user group so the name must match exactly with regard to case.
- ForBypass User List, type the usernames of users that can skip ephemeral authentication, and clickAdd.If the names match, ephemeral authentication is skipped, and the request is forwarded directly to the backend RADIUS server (pool) where the user is authenticated.
- ForDeny User List, add the usernames of users that will be refused access, and for whom RADIUS requests will fail.
The RADIUS Authentication Configuration Profile is created.
Later you will need to link the RADIUS Authentication Configuration Profile and an Ephemeral Authentication Configuration (the same one associated with the Ephemeral Authentication virtual server) to a RADIUS virtual server.