
Stefan_Klotz_85
Aug 09, 2017

Block admin & root account when remote authentication is configured and reachable?

Hi there,

 

Does F5 support that login with the admin and root accounts is NOT possible when remote authentication like RADIUS is configured and reachable? And if yes, how and where can this be configured? Or is this not possible at all, and the admin and root accounts are ALWAYS working and can't be disabled?

 

Thank you!

 

Ciao Stefan :)

 

3 Replies

  • nathe

    Stefan, I don't believe that is possible. Admin and root are always available even if remote auth is configured. It's a safety mechanism in case the remote auth server goes down.

     

    N

     

  • Hi Nathan,

     

    Thanks for the quick response. Yes, that was also my understanding up to now, but yesterday I learned that (if I remember correctly) for Cisco devices this seems to be possible. I mean it seems there is an internal mechanism which checks if the remote authentication server is reachable and, if yes, the admin and root accounts are not working. Only if it's not reachable can you use the local accounts. Therefore the customer was asking if this is possible with the F5s as well. I already assumed it's not, but just wanted to double-check with the experts.

     

    Ciao Stefan :)

     

  • Sounds like you want to enable 'Appliance Mode'. This can be done on a temporary basis or as a license change, which F5 will do free of charge. For root, temporarily:

    tmsh modify sys db systemauth.disablerootlogin value true
    then
    tmsh save sys config
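
A check an administrator could run after the commands in the last reply, as an added example that is not part of the thread and not F5's own code: it reads the text printed by `tmsh list sys db systemauth.disablerootlogin` on stdin and fails unless the value is true. The stanza layout, the function names and the sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the db key named in the reply above.
# Assumption: `tmsh list sys db <key>` prints a stanza shaped like the samples.

KEY='systemauth.disablerootlogin'

# Print "disabled", "enabled" or "unknown" for the stanza read on stdin.
root_login_state() {
    awk -v key="$KEY" '
        $1 == "sys" && $2 == "db" && $3 == key { in_key = 1; next }
        in_key && $1 == "value" { gsub(/"/, "", $2); val = $2 }
        in_key && $1 == "}"     { in_key = 0 }
        END {
            if (val == "true")       print "disabled"
            else if (val == "false") print "enabled"
            else                     print "unknown"
        }'
}

# Exit status: 0 = root login disabled, 1 = still enabled,
# 2 = key not found or value unreadable (counted as a failed check).
check_root_login() {
    case "$(root_login_state)" in
        disabled) return 0 ;;
        enabled)  return 1 ;;
        *)        return 2 ;;
    esac
}

# Constructed sample outputs, not captured from a real device.
SAMPLE_HARDENED='sys db systemauth.disablerootlogin {
    value "true"
}'
SAMPLE_DEFAULT='sys db systemauth.disablerootlogin {
    value "false"
}'
# Hypothetical unrelated key: the audited key is absent from this output.
SAMPLE_OTHER='sys db example.other.key {
    value "true"
}'

report() {
    rc=0
    printf '%s\n' "$2" | check_root_login || rc=$?
    echo "$1: exit status $rc"
}
report hardened "$SAMPLE_HARDENED"
report default  "$SAMPLE_DEFAULT"
report missing  "$SAMPLE_OTHER"
```

On a device the input would come from `tmsh list sys db systemauth.disablerootlogin | check_root_login`; a missing key returns 2 so that an unreadable result is never counted as compliant.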