Bug ID 1496977: Remote GID mappings to F5OS roles are disconnected for TACACS+/RADIUS authentication methods.

Last Modified: Oct 21, 2024

Affected Product(s):
F5OS None(all modules)

Fixed In:
F5OS-A 1.8.0, F5OS-A 1.5.2

Opened: Jan 29, 2024

Severity: 2-Critical

Symptoms

Remote GID mappings (on a TACACS+ or RADIUS server) to F5OS GIDs/roles are not working correctly. When attempting to configure a remote mapping, access is rejected with a message similar to the following:

    [root@system ~]# ssh radius_or_tacacs_user@<F5OS system mgmt IP>
    Password:
    Last login: <date> from <source IP>
    No valid role group found in user groups: '9000'
    Connection to <mgmt IP> closed.

Impact

Remote users cannot log in to the system.

Conditions

A remote GID mapping is configured for a role in F5OS and the authentication method used for remote users is RADIUS or TACACS+.

Workaround

Configure the remote users' GIDs so that they correspond to the GIDs in F5OS for the desired role(s). Then remove any remote GID mappings from the F5OS configuration.

Fix Information

Fixed remote GID mapping to F5OS roles for TACACS+/RADIUS authentication methods.

Behavior Change
