Due to the recent SQL injection attacks on our firewalls, we are taking the precaution of changing all of our local passwords. We don't have a whole lot on there, but the trouble is they are mixed in with AD users. There are over 900 users on our main firewall. According to KB 135419 - yes I can go into each user and look at a field. With any large amount of users this is totally impractical. It looks like all the users that came over from AD have the domain appended to the end of the username. I've sorted those out with the filter for now, but this doesn't necessarily mean they are AD accounts. They could still be local.
How can I filter on only my local accounts?
I'm not 100% sure, but as far s I see local users have the "authserverid" value set to "1" in the datebase.
so you could grep them from the advanced shell with:
psql -U nobody -d corporate -c "select * from tbluser where authserverid=1"
as far as i understand AD/tacacs/ldap users have the value set to "3", but it could also refer to the 3rd (or 2nd) auth server...