Forum Discussion
CirrusBlock admin & root account when remote authentication is configured and reachable?
Hi there,
does F5 support, that login with admin- and root-account is NOT possible, when remote authentication like RADIUS is configured and reachable? And if yes, how and where can this be configured? Or is this not possible at all and admin- and root-account are ALWAYS working and can't be disabled?
Thank you!
Ciao Stefan :)
natheCirrocumulus
Stefan, I don't believe that is possible. Admin and root are always available even if remote auth is configured. It's a safety mechanism in case the remote auth server goes down.
N
Stefan_Klotz_85Hi Nathan,
thanks for the quick response. Yes that was also my understanding up to now, but yesterday I learned that (if I remember correctly) for Cisco device this seems to be possible. I mean it seems there is an internal mechanism, which checks if the remote authentication server is reachable and if yes, admin- and root-account are not working. Only if it's not reachable, you can use the local accounts. Therefor the customer was asking if this is possible with the F5s as well. I already assumed it's not, but just wanted to double check with the experts.
Ciao Stefan :)
TLL_91858Sounds like you want to enable 'Appliance Mode' This can be done on a temporary basis or as a license change, which F5 will do free of charge. For root temporary
thentmsh modify sys db systemauth.disablerootlogin value true
.tmsh save sys config