Force TACACS log on

Question

Hi all&nbsp;I've enabled Tacacs on the F5 BIG-IP version 12.1 and all is working, but people can still login as root account if they know the username and password.With Cisco you can have a local account, but it will never authenticate agaisnt the local account if the Tacacs server is online.&nbsp;Can you do the same with F5?&nbsp;I don't want users using root or any local account if Tacacs is enabled and working. The local account is only when Tacacs fails&nbsp;

dario_garrido · Answer

Hello Renato.&nbsp;admin/root account are the only users available to use local DB authentication (when TACACS/RADIUS/... is enabled)&nbsp;You can avoid this situation performing this procedure:https://support.f5.com/csp/article/K15632&nbsp;KR,Dario.

Forum Discussion

Force TACACS log on

Recent Discussions

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

FTP PASV mode to Extended Passive mode

Oracle JDBC SSL Termination failing on F5

APM for banner and cert

An Irule for Client Ssl Profile that Allows Unassigned TLS Extension Values (17516)

Related Content

TACACS+ External Monitor (Python)

TACACS issue

Brute Force protection for single parameter like OTP

What are You a Force For?

TACACS+ Remote Role Configuration for BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS