Forum Discussion
Renato1
Nimbostratus
NimbostratusForce TACACS log on
Hi all
I've enabled Tacacs on the F5 BIG-IP version 12.1 and all is working, but people can still login as root account if they know the username and password.
With Cisco you can have a local account, but it will never authenticate agaisnt the local account if the Tacacs server is online.
Can you do the same with F5?
I don't want users using root or any local account if Tacacs is enabled and working. The local account is only when Tacacs fails
1 Reply
Dario_GarridoNoctilucent
Hello Renato.
admin/root account are the only users available to use local DB authentication (when TACACS/RADIUS/... is enabled)
You can avoid this situation performing this procedure:
https://support.f5.com/csp/article/K15632
KR,
Dario.
