Tacacs+ and users

Question

Hello all,&nbsp;So I am seeing an issue with my configuration and users.&nbsp; I have a V14 virtual that is configured to tacacs+.&nbsp; I have an account on the BigIP and used it to authenticate through the tacacs and got admin access with advanced shell.&nbsp; I have other users that have profiles on the tacacs server and when they log into the F5 they get full Gui but only tmsh in ssh.&nbsp; They do not have an account on the F5 but it seems to allow them to authenticate as external users.&nbsp;The weird thing is when I had one of them add a local account on the F5 and hit finished.&nbsp; We had it set to administrator and advanced shell access (which is the way my account was configured)&nbsp; Once he hit finished it kicked him out and now it is not allowing him to log back in.&nbsp; I had to go delete the user account and he could then re-authenticate as an external user.&nbsp;My question is, "Is this something I am doing wrong on the F5 or is it the configuration on the Tacacs+ server?"&nbsp;Thanks all!

paulius · Answer

Typically on the BIG-IP you use existing roles and then on the TACACS+ device you specify your users so that they can authenticate using TACACS+. I have only had to configure users directly on the device in conjunction with the TACACS+ server for the BIG-IQ but never the BIG-IP. Are you not using the existing roles on the BIG-IP? The following article might be of some help.
https://my.f5.com/manage/s/article/K40947119

Forum Discussion

Tacacs+ and users

Recent Discussions

Is network access bypassing APM logon pages?

<apm_do_not_touch> in JS file failing</apm_do_not_touch>

Suddenly Can't access Login Box to F5 LTM Via SSH & GUI

LTM + GTM on same box

Application drop down menus does not work behind F5 APM Portal Access

Related Content

TACACS+ External Monitor (Python)

Securing the LLM User Experience with an AI Firewall

DEVCENTRAL END-USER LICENSE AGREEMENT

TACACS+ Remote Role Configuration for BIG-IP

Update your DevCentral user profile