Manual Chapter : Ephemeral authentication with both RADIUS and LDAP

Applies To:


BIG-IP APM

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0

Detailed use cases describe how to configure LDAP/LDAPS and RADIUS separately with ephemeral authentication. You can also use both LDAP/LDAPS and RADIUS in one ephemeral authentication configuration and access policy. Several changes need to be made for the configuration to support both.
  • The same set of users must be configured with the same usernames on both the RADIUS and LDAP/LDAPS backend systems.
  • In the Ephemeral Authentication Configuration, Authentication Method must specify both LDAP and RADIUS.
  • The Ephemeral Access Configuration must specify User LDAP DN.
  • The access policy should look like the one in the LDAP use case, including the LDAP query. Because the usernames are the same on both systems, RADIUS users will successfully pass through the LDAP Query in the policy.
  • In the access policy macro, in the Advanced Resource Assign, be sure to assign all of the WebSSH, Portal Access, and Webtop Links resources needed for both RADIUS and LDAP/LDAPS.
  • Create virtual servers for Ephemeral Authentication, LDAP, LDAPS, or both, and RADIUS.
Configured this way, the same set of users can access both RADIUS and LDAP resources that are protected by ephemeral authentication methods.
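
A pre-deployment check for the first requirement in the list above, as an added example that is not part of the F5 manual: it compares usernames from an LDIF export of the LDAP directory against a list of RADIUS usernames and reports accounts that are missing on one side or differ only in case. The `uid` attribute, the sample data and the function names are assumptions; substitute the attribute your directory uses for login names.

```python
import base64

# Constructed sample data; the uid attribute and all names here are assumptions.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
uid: alice

dn: uid=Bob,ou=people,dc=example,dc=com
uid: Bob

dn: uid=carol,ou=people,dc=example,
 dc=com
uid:: Y2Fyb2w=
"""
SAMPLE_RADIUS_USERS = ["alice", "bob", "dave"]


def ldif_usernames(ldif_text, attr="uid"):
    """Return {username: dn} from LDIF, handling folded lines and base64 values."""
    unfolded = ldif_text.replace("\r\n", "\n").replace("\n ", "")
    users = {}
    for entry in unfolded.split("\n\n"):
        dn, name = None, None
        for line in entry.splitlines():
            key, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            value = value.strip()
            if key.lower() == "dn":
                dn = value
            elif key.lower() == attr.lower() and name is None:
                name = value
        if dn and name:
            users[name] = dn
    return users


def username_parity(ldap_users, radius_users):
    """Compare both backends; only exact matches count as matched."""
    ldap, radius = set(ldap_users), set(radius_users)
    fold = lambda names: {n.lower(): n for n in names}
    l_only, r_only = fold(ldap - radius), fold(radius - ldap)
    return {
        "matched": sorted(ldap & radius),
        "case_mismatch": sorted((l_only[k], r_only[k]) for k in l_only.keys() & r_only.keys()),
        "ldap_only": sorted(v for k, v in l_only.items() if k not in r_only),
        "radius_only": sorted(v for k, v in r_only.items() if k not in l_only),
    }
```

The dictionary returned by `ldif_usernames` also gives each user's DN, which is useful when confirming the value the User LDAP DN setting should resolve to.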