Last Modified: May 29, 2024
Affected Product(s):
F5OS Velos
Fixed In:
F5OS-A 1.0.0
Opened: Nov 17, 2021 Severity: 3-Major
The external RADIUS server needed to define RADIUS attributes in the f5.dictionary to have F5OS instead of VELOS: Old version =========== ATTRIBUTE F5-VELOS-UID 21 integer ATTRIBUTE F5-VELOS-GID 22 integer ATTRIBUTE F5-VELOS-HOMEDIR 23 string ATTRIBUTE F5-VELOS-SHELL 24 string ATTRIBUTE F5-VELOS-USERINFO 25 string New version =========== ATTRIBUTE F5-F5OS-UID 21 integer ATTRIBUTE F5-F5OS-GID 22 integer ATTRIBUTE F5-F5OS-HOMEDIR 23 string ATTRIBUTE F5-F5OS-SHELL 24 string ATTRIBUTE F5-F5OS-USERINFO 25 string Note that no change for this is actually necessary because the ATTRIBUTE value is what is used, for example: For F5-F5OS-GID, the item is referenced by 22. For TACACS+ however, the F5OS syntax does change in the external TACACS+ server. Old version =========== group = admin_f5 { service = ppp protocol = ip { default attribute=permit F5-VELOS-UID=1002 F5-VELOS-GID=9000 F5-VELOS-HOMEDIR=/tmp F5-VELOS-USERINFO=test_user } Old version =========== group = admin_f5 { service = ppp protocol = ip { default attribute=permit F5-F5OS-UID=1002 F5-F5OS-GID=9000 F5-F5OS-HOMEDIR=/tmp F5-F5OS-USERINFO=test_user }
There is no real impact, VELOS still works as before (since it was left in for backwards compatibility).
All external RADIUS and TACACS+ servers are affected.
Using F5OS instead of VELOS is the suggested practice.
This issue is fixed.