Forum Discussion
- JRahmAdmin
tmsh create /auth user role shell partition-access encrypted-password|password|prompt-for-password
- epaalxCirrus
"TMOS Management Guide for BIG-IP Systems" says: "Excluding the admin account, the entire set of standard user accounts that you create for BIG-IP system administrators must reside either locally on the BIG-IP system, or remotely on another type of authentication server."
- WillyNimbostratus
I am a bit confused now; in the top rectangle it is mentioned "can't be done".
The next rectangle provides a command for doing it?
At this moment we are using version 12.1.3.7. Is there any change?
We would like to use one extra local user on top of the remote users, to run a script for automated backup with keys.
The point is that we would like the server to take the initiative for the actions.
Does anyone have a suggestion?
Hi Willy,
- Enable "Fallback to Local" (System » Users » Authentication)
- Create a user (System » Users » User List)
- Run the below command:
echo "username" >> /config/bigip/auth/localusers
sed -ri 's/(localonlyusers LT_STRING_LIST.*)"/\1 \\{username\\}"/' /etc/confpp.dat
- Stefan_KlotzCumulonimbus
Hi Enes,
these two commands work perfectly on our system.
But I noticed today (some weeks after implementation) that login with this local user is not possible anymore. I found out that the changes to the files you mentioned were gone. Are these settings maybe not reboot-safe, or do they get lost during a software update?
Can you please share some details here and is it possible to have these settings persistent?
Thank you!
Ciao Stefan :)
- WillyNimbostratus
Hello,
I have been looking for the Fallback to Local option in the above screen:
Is it possible that this option is not available in 12.1.3.7?
Available from v13.
Can you try this command?
modify /sys db systemauth.fallback.remotetolocal value true
I think it is not possible in TACACS+ authentication on v12.1.x.
- WillyNimbostratus
Hello eaa,
Tried to modify the database parameter, and succeeded, but still not able to create a local user. When I tried to create a user via CLI, and then change the password, I still get the answer "Please change the password at the remote authentication server". Also in the GUI there is no extra trace of a field that suggests a local user fallback. Maybe it is easier to plan a migration to version 13.
There is no fallback authentication.
- DojsCirrostratus
Remove the Radius Authentication, create the users and config it again.
- WillyNimbostratus
Thank you jaikumar_f5 and Dojs for your advice and effort. I will go for the update to a version above 12; it is then a standard feature.
- Sam_NovakAltostratus
/etc/cron.hourly/localUserInsert
#!/bin/bash
# grep exits with status 1 when myUser is not in the file; re-add it in that case
grep myUser /config/bigip/auth/localusers
if [ $? -eq 1 ]; then
    echo myUser >> /config/bigip/auth/localusers
fi
And I'll probably need to recreate it after every upgrade, but that's not a big deal.
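Added example, not part of any post in this thread: an idempotent form of the two edits discussed above (the `localusers` append and the `confpp.dat` sed), suitable for a periodic job because it matches the user name as a whole line and does not append a second `\{user\}` entry on repeat runs. The function name `ensure_local_user` and the `LOCALUSERS`/`CONFPP` override variables are hypothetical, and the script assumes the `localonlyusers` line ends in a closing quote, as the sed pattern in the thread implies.

```shell
#!/bin/bash
# Added example: idempotent version of the two edits from this thread.
# Defaults are the paths given in the posts; override them to test on copies.
LOCALUSERS=${LOCALUSERS:-/config/bigip/auth/localusers}
CONFPP=${CONFPP:-/etc/confpp.dat}

ensure_local_user() {
    local user=$1 tmp
    # Refuse names that would need escaping in grep or sed.
    case $user in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid user name" >&2; return 2 ;;
    esac

    # Whole-line, fixed-string match: an existing "myUser2" must not
    # count as "myUser" already being present.
    if ! grep -qxF -- "$user" "$LOCALUSERS" 2>/dev/null; then
        echo "$user" >> "$LOCALUSERS" || return 1
    fi

    # Run the sed only when the localonlyusers line lacks \{user\},
    # so repeated runs do not stack duplicate entries.
    if ! grep 'localonlyusers LT_STRING_LIST' "$CONFPP" 2>/dev/null |
            grep -qF -- "\\{$user\\}"; then
        tmp=$(mktemp) || return 1
        # Same substitution as in the thread; output is written back with
        # cat so the file keeps its owner and mode.
        sed -E "s/(localonlyusers LT_STRING_LIST.*)\"/\\1 \\\\{$user\\\\}\"/" \
            "$CONFPP" > "$tmp" && cat "$tmp" > "$CONFPP"
        rm -f "$tmp"
    fi
}

# Run as: script.sh myUser
if [ -n "${1:-}" ]; then
    ensure_local_user "$1"
fi
```

Point `LOCALUSERS` and `CONFPP` at copies of the two files first to confirm the resulting `localonlyusers` line looks right for your version before running it against the live paths.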