Forum Discussion
Tacacs+ and users
Hello all,
So I am seeing an issue with my configuration and users. I have a V14 virtual that is configured to tacacs+. I have an account on the BigIP and used it to authenticate through the tacacs and got admin access with advanced shell. I have other users that have profiles on the tacacs server and when they log into the F5 they get full Gui but only tmsh in ssh. They do not have an account on the F5 but it seems to allow them to authenticate as external users.
The weird thing is when I had one of them add a local account on the F5 and hit finished. We had it set to administrator and advanced shell access (which is the way my account was configured) Once he hit finished it kicked him out and now it is not allowing him to log back in. I had to go delete the user account and he could then re-authenticate as an external user.
My question is, "Is this something I am doing wrong on the F5 or is it the configuration on the Tacacs+ server?"
Thanks all!
Typically on the BIG-IP you use existing roles and then on the TACACS+ device you specify your users so that they can authenticate using TACACS+. I have only had to configure users directly on the device in conjunction with the TACACS+ server for the BIG-IQ but never the BIG-IP. Are you not using the existing roles on the BIG-IP? The following article might be of some help.
https://my.f5.com/manage/s/article/K40947119
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com