I want to create a local user account on our BIG-IPs to allow our security team to audit. After I create a local user account, assign partitions/role, etc, I cannot log in with that local account.
When I browse to System > Logs > Audit, I see the BIG-IP attempting to validate the credentials against our AD server.
How can I configure both remote and local authentication?
Concurrent use of local and remote authentication for BIG-IP users has some restrictions. The article K49218438: Configuring local authentication as a backup method for remote authentication (13.x - 14.x) describes the circumstances under which you can use both. In summary, beginning in BIG-IP v13.0 you can use local authentication as a fallback for remote authentication if the remote authentication server is unavailable. (I don't read that as "remote authentication fails due to invalid credentials.") My understanding is that only the default admin and root users are authenticated locally. You could use one of those for audit purposes - admin for GUI and command line (optional); root only for command line. Admin is probably preferred for security reasons.
Thanks for the insight!