Lock out from Big IP after setting up Tacacs+

Question

Is their any way to remove tacacs+ configuration from single user mode or roll back to local authentication mode.&nbsp;
We have lost root as well as admin access to the devices immediately after configuring tacacs+. The config synced to the standby pair and locked us out completely.  We have attempted to reset the root password using single user mode but in vain.   &nbsp;
We don't even see any hits on Cisco ACS from F5. We are using version 11.6.0.   &nbsp;
Any ideas and advice is appreciated.&nbsp;

mohammed_124031 · Answer

We think we hit the following bug sol12304. Attempting to carry out the recovery procedure.

kevin_davies_40 · Answer

Well according to that article you need to reboot into single user mode (SOL4178). Update /config/bigip.conf, replace tacacs with the word local.
system {
   auth source type tacacs
}

Save and remove binary versions with
rm /var/db/mcpdb.*
Now reboot.
When the system comes up, verify you can login using admin user on the GUI. Push the config to the standby device.

mohammed_124031 · Answer

This procedure resolved the issue &nbsp;
sol12304: The TACACS+ secret key must not contain the pound sign ()
http://support.f5.com/kb/en-us/solutions/public/12000/300/sol12304.htmlp1&nbsp;

Forum Discussion

Lock out from Big IP after setting up Tacacs+

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

TACACS+ External Monitor (Python)

Setting up persistence in F5 XC

Setting up BIG-IP with AWS CloudHSM

TACACS+ Remote Role Configuration for BIG-IP

Set HTTP version

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS