Forum Discussion
Leo_Rodrigues_1
Altocumulus
AltocumulusBig IP LTM - first authenticate against Radius, then with a local account of last resort
Hello.
We have a pair of LTM boxes successfully authenticating with a pair of radius servers. I noticed that the local accounts are still available to log in.
Is there a way to force the L...
Leo_Rodrigues_1Altocumulus
AltocumulusHi Seth.
Yes, remote authentication.
The only remaining user are indeed root and Admin. But the Admin account can still be used to login and administer the boxes even with remote authentication configured.
I would like to disable the Admin account, but only while the Radius servers are available, to maintain the track of who changes what (force the team to use Radius). I would not like to delete the Admin account, because if the radius servers are for some reason down, nobody will be able to log in to the LTM.
The desired behavior would be just like what is available with Cisco AAA. (local accounts are only available to login if the Radius group of radius servers are down).
Thanks.
Seth_CooperEmployee
Leo, It is not possible to achieve this today. The admin user is always available so you can make sure to have access. You can put in security processes to change the password often and store them in a place that is logged when a user accesses it. You can always submit a RFE to request the ability to disable the admin account. -Seth
