users
5 Topics

Unable to login with Certificate Manager local user
I've created a local user account with the Certificate Manager role on All partitions - and have enabled tmsh access. However, when I attempt to log in with this account - either GUI or SSH - I am receiving a login failed message. We don't have any password enforcement in place and access restrictions are tied to the RFC1918 address space, so that is not coming into play. We have remote auth (TACACS) enabled with fallback to local and other local accounts are able to log in successfully. Thoughts?

Version: 17.1.1.2
Username - cert-mgr
Role - Certificate Manager
Partition: All
Terminal Access: tmsh

Wed Sep 11 10:51:20 CDT 2024 cert-mgr 0-0 httpd(pam_audit): User=cert-mgr tty=(unknown) host=x.x.x.x failed to login after 1 attempts (start="Wed Sep 11 10:51:18 2024" end="Wed Sep 11 10:51:20 2024").:
Wed Sep 11 11:00:20 CDT 2024 cert-mgr 0-0 httpd(pam_audit): User=cert-mgr tty=(unknown) host=x.x.x.x failed to login after 1 attempts (start="Wed Sep 11 11:00:18 2024" end="Wed Sep 11 11:00:20 2024").:

26 Views, 0 likes, 0 Comments

Ansible bigip - confirm only two local user accounts
Greetings. For security compliance purposes I'm trying to confirm that only two local user accounts exist on each F5 but not having any luck. Below are the two methods I've tried and the error messages. Any help would be greatly appreciated.

Ansible 2.9.1

---
- name: check security compliance on F5s
  hosts: testGroup
  connection: local
  gather_facts: no
  vars:
    providerA:
      password: "{{ password }}"
      server: "{{ ansible_host }}"
      user: "{{ user }}"
      validate_certs: False

  tasks:
    - name: local users
      bigip_command:
        commands: list auth user
        provider: "{{ providerA }}"
      register: local_users

    - name: confirm only two user accounts exist
      debug:
        msg: "only two user accounts exist"
      when: local_users.stdout.find('auth user') == 2

{
    "msg": "The conditional check 'local_users.stdout.find('auth user') == 2' failed. The error was: error while evaluating conditional (local_users.stdout.find('auth user') == 2): 'list object' has no attribute 'find'\n\nThe error appears to be in '/tmp/bwrap_1407122_vqhuv58l/awx_1407122_2ajau8cz/project/ansible-f5-security-compliance/playbooks/main.yml': line 20, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: confirm only two user accounts exist\n^ here\n",
    "_ansible_no_log": false
}

---
- name: check security compliance on F5s
  hosts: testGroup
  connection: local
  gather_facts: no
  vars:
    providerA:
      password: "{{ password }}"
      server: "{{ ansible_host }}"
      user: "{{ user }}"
      validate_certs: False

  tasks:
    - name: local users
      bigip_device_info:
        gather_subset:
          - users
        provider: "{{ providerA }}"
      register: local_users

    - name: confirm only two user accounts exist
      debug:
        msg: "only two user accounts exist"
      when: local_users.stdout.find('full_path') == 2

{
    "msg": "The conditional check 'local_users.stdout.find('full_path') == 2' failed. The error was: error while evaluating conditional (local_users.stdout.find('full_path') == 2): 'dict object' has no attribute 'stdout'\n\nThe error appears to be in '/tmp/bwrap_1407131_x5we4dg9/awx_1407131_pmwj_q1j/project/ansible-f5-security-compliance/playbooks/main.yml': line 21, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: confirm only two user accounts exist\n^ here\n",
    "_ansible_no_log": false
}

540 Views, 0 likes, 1 Comment

vCMP, Partitions and managing self IP
Hi,

Just reading vCMP for VIPRION Systems: Administration v13. I am a bit puzzled by the description for creating self IPs Creating floating self IP addresses. Basically it describes that the Partition assigned user (called customer administrator) is responsible for creating and managing Self IPs in his Partition. It seems to be a mistake, as in the description of the task there is something like this:

In the upper-right corner of any the BIG-IP Configuration utility screen, locate the Partition list and select the customer-specific administrative partition. If the partition selections are unavailable, you do not have a user role that allows you to change the current partition. An example of a selected partition is CustomerA_partition.

How can a user assigned to a specific partition (like Manager with Partition set to his Partition - not All) switch Partitions? I was not able to configure user Role/Partition in a way that enables creating/editing Self IPs only for a specific Partition - am I missing something here?

Piotr

352 Views, 0 likes, 0 Comments

F5 User Management and Views
I installed the F5 Application Visibility and Reporting module on the F5 appliance. I enabled some analytics for an application. I would like to give somebody access to see all of the analytics/application statistics, but none of the configuration for the application. Is this possible?

275 Views, 0 likes, 1 Comment

APM - Tracking SSL users access
Hi everyone!

I've been configuring a new APM Virtual Edition in the last few days, and there's a thing I don't see anywhere, and don't know if it is even possible. I have a local database where I create and enable/disable the users who can log in to the SSL remote connection, and I'd like to know which one of them is connected at a specific moment, when was the last time the user logged in... Is there any way to find these kinds of logs or statistics?

Thanks in advance,
Luis.

235 Views, 0 likes, 2 Comments