Local users account are not working in Big-iq.

Question

I have created local users account with administrator role and permissions in F5 Big-iq to run some tests.

When I logout and login again with the user that I created, big-iq was giving me authentication failure message in both gui and cli. I used the correct password, verified audit logs just says authentication failed with no explanation.

Is this some bug or is it normal behavior of big-iq not to allow any local account other than admin.

f5_sj · Answer

Thanks Paulius&nbsp;I'll check it with support.

paulius · Answer

F5_SJ This could be a bug if your user has met password complexity and you still can't log in. I would open up a case with F5 to see if they can sort this out. Most likely they will want you to upgrade the code to the current supported so you might try that first. Since this device isn't critical to the functionality of the F5 devices it manages you might be able to perform the upgrade during business hours.

paulius · Answer

F5_SJ Any other local user that you create should work. Are you able to log in at all as this user or even the first login attempt doesn't work? Can you show us the settings for this new user?

f5_sj · Answer

Paulius&nbsp;:The first login attempt is not working.auth user new user {encrypted password xxxxpartition Commonpartition access {&nbsp; &nbsp; &nbsp;all-partition {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;role admin&nbsp;&nbsp; &nbsp; }}shell tmsh}

paulius · Answer

F5_SJ Based on that output this user will not be able to log into CLI at all but should be able to log into the GUI. I created a user using the same settings as what you provided on a BIG-IQ that I have access to and I was able to log into the GUI. If you have remote authentication configured on your BIG-IQ you do have to click the drop down menu on the login page for the BIG-IQ and change it to "local" in order for it to work properly. If you do have remote authentication configured such as TACACS+ configured and you do not see this option at login it has been disabled in the configuration and you will have to enable the option to make the appropriate selection. Other than what has been mentioned here, if this doesn't work I recommend opening a case with F5 to see if they have a solution to your issue.

Forum Discussion

Local users account are not working in Big-iq.

6 Replies

Recent Discussions

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

ASM instance creation

Can iRule mask the payload content on event logs of security

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

F5Access | MacOS Sonoma

Related Content

Insufficient permissions BIG-IQ login error

Re: Get Started with BIG-IP Virtual Edition (VE), BIG-IQ VE or BIG-IP Cloud Edition Trial

Create a DevCentral account

What is BIG-IQ?

Managing BIG-IP Licensing With BIG-IQ