Forum Discussion

fkuser_104673
Nov 10, 2009

Web UI Remote Authentication

What happens if remote authentication is defined for access to the Web UI and it fails?

I mean, for example, the remote RADIUS server is not responding. Is the local user database used, or does it just fail?

I haven't found anything related to this situation. Does anybody know the behaviour?

Thanks!
  • hoolio
    If the remote server isn't available, then the authentication fails. Only locally authenticated accounts (root/admin) would be granted access.

    Aaron
  • And if there are more accounts locally defined in the BIG-IP LTM, is it possible to use those users?
  • hoolio
    As far as I'm aware, admin and root are the only accounts that can be authenticated locally if remote admin auth is configured. The other users won't have a password defined and so couldn't be authenticated locally. I haven't tested this lately, but that's my understanding. If you do end up testing this, could you confirm or correct this?

    Thanks,

    Aaron
  • Ok!

    Thanks for your fast answer. I'm going to try this. I have 8 users locally defined, and in fact with passwords stored. I will define the remote server and then I will test the access with those users.

    I'll tell you the results.

    Thanks for your fast answer!
  • That is my understanding as well, Hoolio. The root/admin accounts work at all times on BIG-IP, whereas in most environments I've utilized AAA, the local accounts are only available if the remote access server is inaccessible.
  • hoolio
    Yep, I just did a quick test on 10.0.1 and found that the user in the bigip.conf seems to be maintained (including the password) when you switch from local to remote admin auth. But with a non-existent auth server no one but root/admin can log in. Upon switching back to local auth, the pre-existing user accounts worked again.

    Aaron