Forum Discussion
Configuring remote authentication fallback on BIG-IP systems still does not work!
You are right, BUT according to the article (see 2nd bullet point in red) below it should still be possible to use local accounts.
https://my.f5.com/manage/s/article/K67025432
You should consider using this procedure when your BIG-IP system is configured for remote authentication for BIG-IP system users.
- You want local users to be able to access the BIG-IP system when the remote authentication server is unavailable.
- You want local users to be able to access the BIG-IP system when the users are locally configured on the BIG-IP and are not configured on the remote authentication server.
So it could be that this fallback feature works as expected, but then this article is a bit misleading...
Regards
Lukas
You're right, it's a little misleading.
What the bullet point refers to (I believe) is that this configuration supports users that CAN access the unit and AREN'T configured on the remote server. BUT those will ONLY work when TACACS is not reachable, which will be the failback scenario.
Without failback enabled, local users WILL NOT work, even if TACACS is down, and this is the difference that the BP wants to highlight.
For local users to work when TACACS is up, I'm pretty sure you need to map them in the auth server.
(thrillseeker, I have edited the comment a couple of times; I'm tagging you so it triggers a notification and I'm sure you don't miss the latest update.)