We would like to disable local user remote login via ssh/telnet and only allow TACACS remote login. Is the correct method just to disable "Allow Local Authentication?" we would want to be able to login locally with root/admin if the network is down still.
Yes, if you disable that setting, only authentications from your external server (RADIUS/TACACS+) are allowed. If the external server is not reachable (no response/timeout), local authentication is allowed.
So this seemed to work the way I guess it should have but now we can't have our front desk users login to do guest provisioning. Is there any way to limit remote logins to just guest provision users and not the admin/root ones?
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.