Forum Discussion
D_Miller_23555
Feb 07, 2012Nimbostratus
failed login attempts after upgrade on LTM
Just upgraded from 10.2.0 to 10.2.3. Had TACACS working before the upgrade, now getting login failures. ACS reports that I successfully passed authentication. The /var/log/secure states that it could not identify user (from getpwnam.
Is there something new I need to configure in the upgrade to make the F5 pass tacacs authentications.
- nitassEmployeecan you check authorization configuration?
- Cory_50405NoctilucentWe had this issue when we upgraded to 10.2.3. There is an easy fix.
- D_Miller_23555Nimbostratus@Cory,
- Ayzon_112108NimbostratusHi,
- Tino_92393NimbostratusHi all,
- What_Lies_Bene1CirrostratusIt's my belief that local administrative user accounts can still be used even when remote authentication is working.
- Tino_92393Nimbostratus
Thanks. So what does the statement from F5 refers to?
- What_Lies_Bene1Cirrostratus
I think it's simply incorrect, or refers to local accounts configured solely to allow Advanced Shell access, even though the accounts are remotely authenticated.
You should be able to test this very easily.
- Tino_92393NimbostratusWish i have a test box to try it out. Doing it in Prod so have to make sure that i don't get lock out.
- What_Lies_Bene1CirrostratusThat is my belief yes. It's still testable really as you can try logging in as admin or root once you've configured remote authentication. Before you do, make sure you have a specific route (the default won't do) to your authentication servers configured in the HMS (not LTM). Use this command to create one: [tmsh] create sys management-route name network/prefix gateway gateway-ip
Recent Discussions
Related Content
Â
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects