Forum Discussion
Nimbostratususing Radius for tmsh / terminal access
I've setup Radius for LTM 11.6. It seems to work great but I've having issue accessing the CLI using my radius account. Only account I can access via CLI is using root. I want to use something else that produces an audit trail instead of sharing the root account.
10 Replies
amolariCirrostratus
To access CLI (bash or tmsh) you must enable it in the "Terminal Access" properties for your users.
Bash = "Advance shell".
The possible value you can set depends on the user role too.
Jeff_Nguyen_449tmsh is enabled, that's the first thing I checked. Is there a special syntax to use with radius when login into the CLI?
- Jeff_Nguyen_449
tmsh is enabled, that's the first thing I checked. Is there a special syntax to use with radius when login into the CLI?
shaggyenabling tmsh/advanced shell should be all you need to do. what user-role did you grant the RADIUS-authenticated users?
- Jeff_Nguyen_449
under terminal access, there's:
disabled tmsh other
I'm selecting tmsh
- Jeff_Nguyen_449
@shaggy, administrator
- shaggy
check out the /var/log/secure log-file to see if a remote-auth action is being initiated when you try to login to CLI with your RADIUS credentials
- Jeff_Nguyen_449
This is what i'm getting...
sshd(pam_audit): User=xxx tty=ssh host=146.36.209.52 failed to login after 1 attempts (start="Mon Jan 12 13:51:37 2015" end="Mon Jan 12 13:51:47 2015").:
- Benjamin_8557
Altostratus
I hava the same problem. In v11.6 HF6, It is impossible to assign bash profile to a remote role group. Only tmsh is displayed even if 'remote access' is enabled. It looks like a bug from this version?
- Jeff_Nguyen_449i found a work around. Once you're in tmsh shell, you can just type the word "bash" and the admin will be the bash shell. Hope that helps...
