TACACS vs local users (admin and root)

Question

Running 11.4.1&nbsp;
We implemented TACACS for administrative users and that part works fine, but when the TACACS servers are unreachable we are unable to login with local root or admin (console, ssh or web). These users work fine while TACACS is online.&nbsp;
Why can I not use the local users when TACACS is unavailable? &nbsp;

pedro_haoa · Answer

Hi,&nbsp;
By default, the BIG-IP system uses its own user directory for user authentication. If you configure a remote authentication method, such as LDAP, RADIUS, or TACACS, the system does not allow you to use local authentication as a backup method if remote authentication fails.&nbsp;
Please add more TACACS servers to avoid this or use local database instead.&nbsp;
More info here: https://support.f5.com/kb/en-us/solutions/public/13000/400/sol13456.html?sr=26331845&nbsp;

pedro_haoa · Answer

Thanks Nathan for the update.&nbsp;
So this is another issue. &nbsp;
DarrellE, please try to contact F5 technical support and open a new case.&nbsp;

nathe · Answer

Are u sure it's not logging in as a remote root or admin user when tacacs is up, and not the local one??

darrelle_142273 · Answer

Yeah, very sure. I administer the TACACS system and checked the logs while the issue was going on.

Forum Discussion

TACACS vs local users (admin and root)

4 Replies

Recent Discussions

Geo Fence in ASM through irule for URI

Client certificate Authentication - open multiple tabs

google autenticator broken barcode

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Related Content

Change admin account

Ansible module to update BIG-IP root/admin passwords

Living on the AWS Edge - Local Zones

TACACS+ External Monitor (Python)

Unable to login on F5 GUI using default admin/admin username & password.