cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

tacacs not working for CLI access only on active unit

shinchan-f5
Cirrus
Cirrus

We are facing an issue where tacacs users are not able to login the CLI (ssh) of Active F5. GUI login is working fine for TACACS users on active F5.

The SSH session via putty prompts for credential, but the putty window disappear as soon as he enters the credential.

TACACS users are able to login to gui and cli perfectly fine on standby box.

 

Checks performed:

  1. The route for tacacs server is through management ip and reachable.(gui is working for active). There are no failure logs in /var/log/secure|audit.
  2. Configuration for role group for tacacs on F5 is allowed for tmsh and is having adminstrator access.
  3. sshd[14095]: pam_bigip_authz: authenticated user XXXXX with role 0 (Administrator) in partition [All].
  4. When accessed the ssh through root account. Was able to login but something wierd exception (below) was given when I tried accessing tmsh utility by running the 'tmsh' command from bash utility.

Exception: (can't open command history file (/root/.tmsh-history-root), Read-only file system (framework/CmdHistoryFile.cpp, line 90), exiting…

0 REPLIES 0