A cautionary note to the reader: while this works great for viewing configuration revisions, it is not a full backup of the F5 configuration. Aside from certificates and keys, most things will be there, but you can’t use it as-is to restore a box.

If using local auth you can just create an admin user and you’re good to go. However, when using remote authorization you need to fiddle around with the configuration a bit.

When using remote auth, the users are not present in the /etc/passwd file, which makes it impossible for the OS to assign a specific shell. You can read the official KB article about it here: https://support.f5.com/csp/article/K10272

Luckily, the steps to work around this limitation are simple:

  1. Verify that you have access to the root/admin passwords, to be safe
  2. Change the auth from the remote auth method to local, i.e. ldap -> local
  3. Create a local admin user for oxidized with permission to use the advanced shell
  4. Revert back to the previous remote auth method

In the case of ldap all settings were saved so I did not have to re-configure it.

Now, if you have many devices to configure (I did), here are the tmsh commands you need:

modify auth source type local
create auth user ouroxidizeduser partition-access add { all-partitions { role admin } } shell bash password ouroxidizedpassword
modify auth source type ldap

Voilà!
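
One way to script the three commands above across many devices, as an added example that is not from the original post: it reads each device's current auth source type and reverts to that value instead of a hard-coded ldap, then checks that the revert took effect. It assumes SSH as root landing in bash and that `tmsh list auth source type` prints a `type <name>` line; the function names, the `OXIDIZED_PW` variable and the host list file are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: SSH as root (bash login shell) on each BIG-IP, and
# `tmsh list auth source type` printing a line of the form "type <name>".

# Read `tmsh list auth source type` output on stdin, print the type.
parse_auth_type() {
    awk '$1 == "type" { print $2; exit }'
}

# Print the remote script: the post's three commands, reverting to the
# recorded type. Args: original-type user password.
build_batch() (
    orig=$1 user=$2 pass=$3
    for v in "$orig" "$user"; do
        case $v in ''|*[!A-Za-z0-9_.-]*) echo "bad type or user name" >&2; exit 2 ;; esac
    done
    # The password is single-quoted for the remote shell, so refuse one
    # that itself contains a single quote.
    case $pass in *"'"*) echo "password must not contain '" >&2; exit 2 ;; esac
    echo "tmsh modify auth source type local"
    printf "tmsh create auth user %s partition-access add { all-partitions { role admin } } shell bash password '%s'\n" "$user" "$pass"
    # No 'set -e' remotely: the revert must run even if the create fails.
    echo "tmsh modify auth source type $orig"
)

# Apply to one device. Args: host user password.
provision_host() (
    host=$1 user=$2 pass=$3
    orig=$(ssh -n "root@$host" 'tmsh list auth source type' | parse_auth_type)
    if [ -z "$orig" ]; then
        echo "$host: could not read auth source type, device left untouched" >&2
        exit 1
    fi
    batch=$(build_batch "$orig" "$user" "$pass") || exit 2
    printf '%s\n' "$batch" | ssh "root@$host" 'bash -s'
    # Confirm the device is back on its original auth source.
    now=$(ssh -n "root@$host" 'tmsh list auth source type' | parse_auth_type)
    [ "$now" = "$orig" ] || { echo "$host: auth source is '$now', expected '$orig'" >&2; exit 1; }
)

# Usage (f5-hosts.txt is a hypothetical file with one host name per line):
#   while read -r h; do provision_host "$h" ouroxidizeduser "$OXIDIZED_PW"; done < f5-hosts.txt
```

A non-zero return from `provision_host` means the device either was not touched or did not return to its original auth source, so check that host by hand before moving on.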
