Closed cjwolford closed 6 years ago
Hi, Chris, So the official word from F5 (per the contents of this article) is that v12 and higher is required to use remote auth with iControl REST. However, the final comment on that same article from a few months back indicates that one guy got this to work with 11.6.1.
There may be a way to achieve what you want by altering the JSON payload in \Public\New-F5Session.ps1, but I'm not yet clear what the new value would be. The comment mentioned above talks about modifying the LoginReference but the LoginReference is a value that's returned from request for a token, and I'm not able to even get a token if the LTM is set to use AD. Any change an upgrade to v12 or later is in your future. :)
Hi Joel,
From that article I think it's clear why I'm not able to connect. I showed it to our network guys and they said they've seen the same thing. Temporarily, I might just get a local account created to try it with.
But i think our solution is to update to 12, which they said might happen in the next few weeks after they do it in our lab.
Ok, Chris. Let me know if you have any issues when using the local account. I'll leave this issue open for a week or two, and if I don't hear back, I'll assume you were able to get things resolved.
Cheers, Joel
Closing - assuming things have been resolved.
When I attempt to establish a connection I am getting two errors:
New-F5Session -LTMName $MyLTM_IP -LTMCredentials $MyLTMCreds
ConvertFrom-Json : Cannot bind argument to parameter 'InputObject' because it is null. Invoke-F5RestMethod : "401 F5 Authorization Required:
I have tried connecting use the hostname and IP of each device. The AD account is under the Remote Role Group that providers the Administrator role and tmsh terminal access.
I've also attempted the connect with the following commands: New-F5Session -LTMName $MyLTM_IP -LTMCredentials $MyLTMCreds -Default $F5Session = New-F5Session -LTMName $MyLTM_IP -LTMCredentials $MyLTMCreds -PassThrough
I've tried specifying my credentials with New-Object System.Management.Automation.PSCredential and also with Get-Credential. If I leave off the domain\ or put the wrong password I get Invoke-F5RestMethod : "401 F5 Authorization Required: Authorization failed: so it is trying the password.
I also see successful authentication events in AD using the account coming from the F5 vip.
Here is the full errors: ConvertFrom-Json : Cannot bind argument to parameter 'InputObject' because it is null. At C:\Program Files\WindowsPowerShell\Modules\f5-ltm\1.4.213\Private\Invoke-F5RestMethod.ps1:39 char:50
Invoke-F5RestMethod : "401 F5 Authorization Required: At C:\Program Files\WindowsPowerShell\Modules\f5-ltm\1.4.213\Public\New-F5Session.ps1:95 char:13
I'm able to connect with the icontrolsnapin powershell. This is on Windows 10 and PowerShell 5.1.17063.1000