Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Create local user account while using remote auth

I want to create a local user account on our BIG-IPs to allow our security team to audit. After I create a local user account, assign partitions/role, etc, I cannot log in with that local account.

When I browse to System > Logs > Audit, I see the BIG-IP attempting to validate the credentials against our AD server.

How can I configure both remote and local authentication?

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Concurrent use of local and remote authentication for BIG-IP users has some restrictions. The article K49218438: Configuring local authentication as a backup method for remote authentication (13.x - 14.x) describes the circumstances under which you can use both. In summary, beginning in BIG-IP v13.0 you can use local authentication as a fallback for remote authentication if the remote authentication server is unavailable. (I don't read that as "remote authentication fails due to invalid credentials.") My understanding is that only the default admin and root users are authenticated locally. You could use one of those for audit purposes - admin for GUI and command line (optional); root only for command line. Admin is probably preferred for security reasons.

0
Comments on this Answer
Comment made 3 months ago by Zuke 348

Thanks for the insight!

0