TACACS vs local users (admin and root)

Question

Running 11.4.1&nbsp;
We implemented TACACS for administrative users and that part works fine, but when the TACACS servers are unreachable we are unable to login with local root or admin (console, ssh or web). These users work fine while TACACS is online.&nbsp;
Why can I not use the local users when TACACS is unavailable? &nbsp;

pedro_haoa · Answer

Hi,&nbsp;
By default, the BIG-IP system uses its own user directory for user authentication. If you configure a remote authentication method, such as LDAP, RADIUS, or TACACS, the system does not allow you to use local authentication as a backup method if remote authentication fails.&nbsp;
Please add more TACACS servers to avoid this or use local database instead.&nbsp;
More info here: https://support.f5.com/kb/en-us/solutions/public/13000/400/sol13456.html?sr=26331845&nbsp;

pedro_haoa · Answer

Thanks Nathan for the update.&nbsp;
So this is another issue. &nbsp;
DarrellE, please try to contact F5 technical support and open a new case.&nbsp;

nathe · Answer

Are u sure it's not logging in as a remote root or admin user when tacacs is up, and not the local one??

darrelle_142273 · Answer

Yeah, very sure. I administer the TACACS system and checked the logs while the issue was going on.

Forum Discussion

TACACS vs local users (admin and root)

4 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Raise your hand if you'll be at AppWorld 2026

Behavior of masterkey on rSeries

run failover xxxxxx

Single LTM with multiple GTM domains

Question about adding VEs to existing physical appliance device group without ASM licenses

Related Content

TACACS+ External Monitor (Python)

TACACS+ Remote Role Configuration for BIG-IP

Ansible module to update BIG-IP root/admin passwords

TACACS issue

Change admin account

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS