Forum Discussion

santsboy_145140's avatar
santsboy_145140
Icon for Nimbostratus rankNimbostratus
Dec 01, 2014
Solved

When tacacs+ server is UP local authentication should be disable

Hi,

 

we have added remote authentication through tacacs+ to our LTMs (11.5.1) and it is working as we are able to log in with the tacacs credentials.

 

what we don't like is that the local admin password is also authenticating and enabling access.

 

How can we setup a way that only the local credentials are used to authenticate when the tacacs server is down and when the tacacs server is UP the local credentials don't provide access?

 

thanks a lot.

 

Regards,

 

SB

 

  • I'd love to be corrected here, but as far as I know, you can't. Pretty much every vendor except Cisco handles it this way from my experience.

     

5 Replies

  • I'd love to be corrected here, but as far as I know, you can't. Pretty much every vendor except Cisco handles it this way from my experience.

     

  • Thanks a lot Mimlo for the answer.

     

    We see that the remote user can only access TMSH from the CLI perspective. There is way to allow the remote access to be able to use Bash CLI?

     

    thanks a lot.

     

    REgards,

     

    SB

     

    • shaggy's avatar
      shaggy
      Icon for Nimbostratus rankNimbostratus
      bash can also be accessed through tmsh - run /util bash
  • Yes, but you have to add the user as a local user to the device. The password will still be handled via TACACS. The reason for this is because to access bash directly, the user needs an entry in /etc/passwd.

     

  • thanks a lot Shaggy and Mimlo.

     

    it worked using run /util bash.

     

    thanks for the help, it is much appreciated.

     

    regards

     

    SB