Administrator
cgeary
Posts: 932
Registered: 06-28-2010
0

Re: Common Administration Login

Common Auth can be used in the scenario described, as long as a user named “backup” doesn’t exist on TACACS (funny things can happen if there’s a remote user named the same as a local user but isn’t mapped that way).

--------------------------------------------
Chris Geary - Riverbed Support
--------------------------------------------
Fry
awarren21
Posts: 2
Registered: 10-10-2011
0

Re: Common Administration Login

Hi Chris,

Reading msoldner's post, I think it may be similar to what I would like to achieve.

Scenario:

Local user "backup" defined on CMC and SHs (as part of initial deployment or pushed by policy).

CMC and SHs configured to auth against TACACS first, and then, if the TACACS server is not available, to fall back to local.

Would the use of the Common Administration Login option be viable here, if the details matched the local "backup" user previously configured?

So, CMC > appliances would use the Common Auth login (matching local user), but any direct admin attempt would use TACACS first, and then fall back to local if the TACACS servers are unavailable.

If it works like this, then I'm happy!

Thanks,

Anthony

Administrator
cgeary
Posts: 932
Registered: 06-28-2010
0

Re: Common Administration Login

1. Common Auth only changes the credentials the CMC uses to talk to the appliances; it does _not_ change passwords on the appliances themselves. So yes, you'll need to update the passwords in your security policy to match whatever the common auth uses. We don't do this automatically because you may be configuring multiple accounts, and we can't be sure there's no TACACS/RADIUS auth on the remote end.

2. Not sure if you mean fallback on the SH, or on the CMC, but in either case common auth is orthogonal to the fallback setting.

--------------------------------------------
Chris Geary - Riverbed Support
--------------------------------------------
Golden
jhelmly
Posts: 124
Registered: 02-16-2009
0

Re: Common Administration Login

Did anyone from Riverbed ever respond to you?  Password management is part of why I have avoided using a TACACS account for the CMC to use to access Steelheads.  We have far too many Steelheads to have more than one place to change the password.

Fry
msoldner
Posts: 10
Registered: 02-01-2011
0

Common Administration Login

Hello all,

I have a few questions around the "Common Administration Login".

  1. I realize it states the appliance-specific username/password will be ignored, but is it removed/disabled?  Do I still have to update my local username / password through my security policy?
  2. How does this interact if I have it set to "...fall back only when services are unavailable"?  I know last time I tried that it was a mess to access anything through the CMC as it wasn't recognizing anything except TACACS.

Thanks!