Last Modified: Oct 21, 2024
Affected Product(s):
F5OS (all modules)
Fixed In:
F5OS-A 1.8.0, F5OS-A 1.5.2
Opened: Jan 29, 2024
Severity: 2-Critical
Remote GID mappings (on a TACACS+ or RADIUS server) to F5OS GIDs/roles are not working correctly. When a remote GID mapping is configured, login attempts by remote users are rejected with a message similar to the following:

[root@system ~]# ssh radius_or_tacacs_user@<F5OS system mgmt IP>
Password:
Last login: <date> from <source IP>
No valid role group found in user groups: '9000'
Connection to <mgmt IP> closed.

Remote users cannot log in to the system.
A remote GID mapping is configured for a role in F5OS and the authentication method used for remote users is RADIUS or TACACS+.
Configure the remote users' GIDs so that they correspond to the GIDs in F5OS for the desired role(s). Then, remove any remote GID mappings in the F5OS configuration.
Fixed remote GID mapping to F5OS roles for TACACS+/RADIUS authentication methods.