{"id":958,"date":"2016-01-08T20:58:00","date_gmt":"2016-01-08T20:58:00","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2016\/01\/08\/f5-unable-to-create-local-account-with-remote-auth\/"},"modified":"2021-07-31T11:21:54","modified_gmt":"2021-07-31T11:21:54","slug":"f5-unable-to-create-local-account-with-remote-auth","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Loadbalancers\/F5-BIG-IP\/f5-unable-to-create-local-account-with-remote-auth.html","title":{"rendered":"F5 – Unable to Create Local Account with Remote Auth"},"content":{"rendered":"
When remote authentication is configured it is not possible (out of the box) to configure local user accounts. Other then the default admin and root accounts provided.<\/p>\n
This is also stated within the TMOS Management Guide for BIG-IP Systems, which says: “Excluding the admin account, the entire set of standard user accounts that you create for BIG-IP system administrators must reside either locally on the BIG-IP system, or remotely on another type of authentication server.<\/em>”<\/p>\n In order to configure an additional local account when remote authentication is enabled a few extra commands are required. These are shown below,<\/p>\n First the account is configured within TMSH,<\/p>\n Next we configure the account to use local authentication.<\/p>\n Issue When remote authentication is configured it is not possible (out of the box) to configure local user accounts. Other then the default admin and root accounts provided. This is also stated within the TMOS Management Guide for BIG-IP Systems, which says: “Excluding the admin account, the entire set of standard user accounts that you … Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15],"tags":[],"yoast_head":"\nSolution<\/h2>\n
create auth user USERNAME role <admin\/manager\/operator\/guest> shell <tmsh\/none> partition-acces\r\ns all prompt-for-password<\/pre>\n
run util bash\r\necho \"USERNAME\" >> \/config\/bigip\/auth\/localusers\r\nsed -ri 's\/(localonlyusers LT_STRING_LIST.*)\"\/\\1 \\{USERNAME\\}\"\/' \/etc\/confpp.dat<\/pre>\n","protected":false},"excerpt":{"rendered":"