For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Thrillseeker_12's avatar
Thrillseeker_12
Icon for Cirrus rankCirrus
Oct 07, 2013

TACACS Auth with Remote Role Groups --> Terminal Access

Hi,   For one of our customers I recently setup up TACACS Auth with Remote Role Groups. The setup works very good far. But when I tried to define something other (e.g. /bin/bash) than TMSH in ...
rthakker_233194's avatar
rthakker_233194
Icon for Nimbostratus rankNimbostratus
Nov 09, 2015

Hi,

 

This post is couple of years old but I am facing similar issue and using Radius.

 

By giving tmash access I can certainly access Bash. But my problem is due to strict auditing policy enforced I am loosing out accountability of the users which they are using Bash. For example as a radmin user when I created directory under /home the owner of the directory is 'root'.

 

rdmin@(F5-01)(cfg-sync Standalone)(/S1-green-P:Active)(/Common)(tmos) run /util bash [radmin@F5-01:/S1-green-P:Active:Standalone] ~ whoami root [radmin@F5-01:/S1-green-P:Active:Standalone] ~ cd /home/ [radmin@F5-01:/S1-green-P:Active:Standalone] home mkdir radmindir [radmin@F5-01:/S1-green-P:Active:Standalone] home ls -al total 12 drwxr-xr-x 6 root root 1024 Nov 9 15:50 . drwxr-xr-x 27 root root 1024 Oct 28 17:05 .. drwx------ 2 root webusers 1024 Jul 28 03:53 admin drwx------ 2 f5_remoteuser f5_remoteuser 1024 Jul 28 03:54 f5_remoteuser drwx------ 2 root root 1024 Nov 9 15:50 radmindir drwx------ 2 root webusers 1024 Nov 4 15:34 root [radmin@F5-01:/S1-green-P:Active:Standalone] home

 

So I was wondering if anyone found solution to this problem as it's been couple of years since original post.

 

Thanks RT