Occasional Contributor II
Posts: 11
Registered: ‎05-16-2012

List of TACACS/RADIUS supported vendors

Hi,

 

Does anyone know of a list of supported vendors on CPPM? Using TACACS and RADIUS with vendor specific attributes? 

 

Regards,

 

Z.

Aruba
Posts: 113
Registered: ‎11-21-2011

Re: List of TACACS/RADIUS supported vendors

Occasional Contributor II
Posts: 11
Registered: ‎05-16-2012

Re: List of TACACS/RADIUS supported vendors

Thanks for that list - I have calls out with Aruba for F5 and Fortinet as we can't get it working with either. We can get the authentication but not passing back the vendor specific attributes. I am sure when we get it working we will be able to add F5 to that list.

 

Regards,

 

Z

Aruba
Posts: 113
Registered: ‎11-21-2011

Re: List of TACACS/RADIUS supported vendors

This is what I have for Fortinet:

 

VENDOR Fortinet 12356

BEGIN-VENDOR Fortinet
ATTRIBUTE Fortinet-Group-Name 1 string
ATTRIBUTE Fortinet-Client-IP-Address 2 ipaddr
ATTRIBUTE Fortinet-Vdom-Name 3 string
ATTRIBUTE Fortinet-Client-IPv6-Address 4 octets
ATTRIBUTE Fortinet-Interface-Name 5 string
ATTRIBUTE Fortinet-Access-Profile 6 string
END-VENDOR Fortinet

 

 

And this is what I found for F5 (from http://support.f5.com/kb/en-us/solutions/public/11000/400/sol11431):

 

VENDOR F5 3375
BEGIN-VENDOR F5

ATTRIBUTE F5-LTM-User-Role 1 integer
ATTRIBUTE F5-LTM-User-Role-Universal 2 integer # enable/disable
ATTRIBUTE F5-LTM-User-Partition 3 string
ATTRIBUTE F5-LTM-User-Console 4 integer # enable/disable
ATTRIBUTE F5-LTM-User-Shell 5 string # supported values are disable, tmsh, and bpsh
ATTRIBUTE F5-LTM-User-Context-1 10 integer
ATTRIBUTE F5-LTM-User-Context-2 11 integer
ATTRIBUTE F5-LTM-User-Info-1 12 string
ATTRIBUTE F5-LTM-User-Info-2 13 string

VALUE F5-LTM-User-Role Administrator 0
VALUE F5-LTM-User-Role Resource-Admin 20
VALUE F5-LTM-User-Role User-Manager 40
VALUE F5-LTM-User-Role Auditor 80
VALUE F5-LTM-User-Role Manager 100
VALUE F5-LTM-User-Role App-Editor 300
VALUE F5-LTM-User-Role Operator 400
VALUE F5-LTM-User-Role Guest 700
VALUE F5-LTM-User-Role Policy-Editor 800
VALUE F5-LTM-User-Role No-Access 900

VALUE F5-LTM-User-Role-Universal Disabled 0
VALUE F5-LTM-User-Role-Universal Enabled 1

VALUE F5-LTM-User-Console Disabled 0
VALUE F5-LTM-User-Console Enabled 1

END-VENDOR F5
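
An added example, not part of the original posts and not Aruba or F5 code: a small parser for the dictionary format quoted above, plus an encoder and decoder for the RFC 2865 Vendor-Specific attribute (type 26), useful for checking byte-for-byte what an Access-Accept should carry when VSAs are "not passed back". The function names and the embedded dictionary excerpt are assumptions made for this illustration.

```python
import struct
# Constructed excerpt of the F5 dictionary quoted above, embedded so the example runs offline.
F5_DICT = """
VENDOR F5 3375
BEGIN-VENDOR F5
ATTRIBUTE F5-LTM-User-Role 1 integer
ATTRIBUTE F5-LTM-User-Shell 5 string # supported values are disable, tmsh, and bpsh
VALUE F5-LTM-User-Role Guest 700
END-VENDOR F5
"""

def parse_dictionary(text):
    """Return (vendor_id, {attr: (vendor_type, datatype)}, {attr: {value_name: number}})."""
    vendor_id, attrs, values = None, {}, {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()      # drop trailing comments
        kind = fields[0] if fields else None       # blank lines have no keyword
        if kind == "VENDOR":
            vendor_id = int(fields[2])
        elif kind == "ATTRIBUTE":
            attrs[fields[1]] = (int(fields[2]), fields[3])
        elif kind == "VALUE":
            values.setdefault(fields[1], {})[fields[2]] = int(fields[3])
    return vendor_id, attrs, values

def encode_vsa(vendor_id, attrs, values, name, value):
    """Build one Vendor-Specific attribute (type 26) holding a single sub-attribute."""
    code, datatype = attrs[name]
    if datatype == "integer":                      # accepts a VALUE alias or a raw number
        data = struct.pack("!I", int(values.get(name, {}).get(value, value)))
    elif datatype == "string":
        data = str(value).encode()
    else:
        raise ValueError(f"unsupported dictionary type: {datatype}")
    sub = bytes([code, len(data) + 2]) + data      # vendor type, vendor length, value
    return bytes([26, len(sub) + 6]) + struct.pack("!I", vendor_id) + sub

def decode_vsa(blob):
    """Split a type-26 attribute into (vendor_id, [(vendor_type, raw_value), ...])."""
    if len(blob) < 6 or blob[0] != 26 or blob[1] != len(blob):
        raise ValueError("not a well-formed Vendor-Specific attribute")
    vendor_id, subs, pos = struct.unpack("!I", blob[2:6])[0], [], 6
    while pos < len(blob):
        vlen = blob[pos + 1] if pos + 1 < len(blob) else 0
        if vlen < 2 or pos + vlen > len(blob):     # reject lengths that would loop or overrun
            raise ValueError("malformed sub-attribute length")
        subs.append((blob[pos], blob[pos + 2:pos + vlen]))
        pos += vlen
    return vendor_id, subs
```

Comparing the output of `decode_vsa` on an attribute taken from a packet capture against `encode_vsa` for the expected role shows whether the vendor ID, vendor type or data type is what differs.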

 

 

Occasional Contributor II
Posts: 11
Registered: ‎05-16-2012

Re: List of TACACS/RADIUS supported vendors

Thanks - we worked with Gowri on Friday and managed to get F5 working. The Fortinet doesn't seem to be sending an authorization request after the authentication request so taking that up with our Fortinet support.

 

Our Fortinet attributes from their website:

TACACS+ Server AV pairs
service=fortigate
memberof=<TACACS+ group>
admin_prof=<Required Acc Profile>

 

And for F5 we have:

   <ServiceAttribute dataType="String" dispName="F5-LTM-User-Info-1" name="F5-LTM-User-Info-1" />

   <ServiceAttribute dataType="String" dispName="F5-LTM-User-Console" name="F5-LTM-User-Console" />

   <ServiceAttribute dataType="String" dispName="F5-LTM-User-Role" name="F5-LTM-User-Role" />

   <ServiceAttribute dataType="String" dispName="F5-LTM-User-Partition" name="F5-LTM-User-Partition" />

 

I appreciate everyone's input.

 

Cheers,

 

Z

Occasional Contributor I
Posts: 8
Registered: ‎10-30-2012

Re: List of TACACS/RADIUS supported vendors

Hi!

Same question for CheckPoint (VPN).

 

 

Thank you in advance!!

Thomas

Occasional Contributor II
Posts: 11
Registered: ‎05-16-2012

Re: List of TACACS/RADIUS supported vendors

tschloss - sorry we have binned all our Checkpoints so haven't had to get that vendor working on CPPM.

 

We do have Sourcefire, Juniper, Fortigate, F5, Cisco, Avocent, Aruba and Citrix..... that's more than enough :)

 

Z.

Occasional Contributor I
Posts: 5
Registered: ‎08-04-2016

Re: List of TACACS/RADIUS supported vendors

How about Juniper NetScreen SSG? Can anyone get it to work for TACACS+?
