Forum Discussion
- Sam_NovakAltostratus
/etc/cron.hourly/localUserInsert
#!/bin/bash grep myUser /config/bigip/auth/localusers if [ $? -eq 1 ]; then echo myUser >> /config/bigip/auth/localusers fi
And i'll probably need to recreate it after every upgrade, but that's not a big deal.
- WillyNimbostratus
Thank you jaikumar_f5 and Dojs for your advice and effort. I will go for the update to a version above 12, it is than a standard feature.
- DojsCirrostratus
Remove the Radius Authentication, create the users and config it again.
- WillyNimbostratus
Hello eaa,
Tried to modify the database parameter, and succeeded, but stil not able to create a local user. When I tried to create a user via cli, and then change the password, I still get the answer "Please change the password at the remote authentication server". Also in the GUI there is no extra trace of a field that suggest a local user fallback. Maybe it is easier to plan a migration to version 13.
There is no fallback authentication.
- WillyNimbostratus
Hello,
I have been looking for the Fallback to Local, in the above screen :
Is it possible that this option is not available in 12.1.3.7 ?
Available from v13.
Can you try this command?
modify /sys db systemauth.fallback.remotetolocal value true
I think, it is not possible in TACACS+ authentication on v12.1.x.
- WillyNimbostratus
I am a bit confused now,in the top rectangle it is mentioned "can't be done".
The next rectangle provides a command for doing it ?
At this moment we are using version 12.1.3.7. Is there any change ?
We would like to use one extra local user on top of the remote users , to run a script for automated backup with keys.
Point is that we would like to take the server the initiative for the actions.
Anyone a suggestion ?
Hi Willy,
- Enable "Fallback to Local" (System » Users » Authentication)
- Create a user (System » Users » User List)
- Run the below command:
echo "username" >> /config/bigip/auth/localusers sed -ri 's/(localonlyusers LT_STRING_LIST.*)"/\1 \\{username\\}"/' /etc/confpp.dat
That is the behavior of the box. Please refer the article K11333640.
To overcome this, you'll have to create a startup script. Which would be on /config/startup.
Did you put the entries there & yet you see this issue ?
Also note this is pretty 10 year old thread, please open a new thread so it could be addressed properly.
- epaalxCirrus"TMOS Management Guide for BIG-IP Systems" says: "Excluding the admin account, the entire set of standard user accounts that you create for BIG-IP system administrators must reside either locally on the BIG-IP system, or remotely on another type of authentication server."
- JRahmAdmintmsh create /auth user role shell partition-access encrypted-password|password|prompt-for-password