Forum Discussion
santsboy_145140
Nimbostratus
NimbostratusWhen tacacs+ server is UP local authentication should be disable
Hi,
we have added remote authentication through tacacs+ to our LTMs (11.5.1) and it is working as we are able to log in with the tacacs credentials.
what we don't like is that the local admin password is also authenticating and enabling access.
How can we setup a way that only the local credentials are used to authenticate when the tacacs server is down and when the tacacs server is UP the local credentials don't provide access?
thanks a lot.
Regards,
SB
I'd love to be corrected here, but as far as I know, you can't. Pretty much every vendor except Cisco handles it this way from my experience.
mimlo_61970Cumulonimbus
I'd love to be corrected here, but as far as I know, you can't. Pretty much every vendor except Cisco handles it this way from my experience.
santsboy_145140Thanks a lot Mimlo for the answer.
We see that the remote user can only access TMSH from the CLI perspective. There is way to allow the remote access to be able to use Bash CLI?
thanks a lot.
REgards,
SB
shaggybash can also be accessed through tmsh - run /util bash
- mimlo_61970
Yes, but you have to add the user as a local user to the device. The password will still be handled via TACACS. The reason for this is because to access bash directly, the user needs an entry in /etc/passwd.
- santsboy_145140
thanks a lot Shaggy and Mimlo.
it worked using run /util bash.
thanks for the help, it is much appreciated.
regards
SB