Bug ID 598512: When using remote auth fallback to local with ldap or active directory, ssh connections may time out before login when remote auth server is unavailable

Last Modified: Jul 03, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 14.1.0.6

Opened: Jun 09, 2016
Severity: 3-Major

Symptoms

User connecting via ssh enters remote password, there is a wait of about one minute, the user is told the password is incorrect. User enters local password, but the ssh session is closed before they successfully log in.

Impact

User must reconnect and enter their local password the first time when the remote authentication server is unavailable.

Conditions

Remote authentication is configured using ldap or active directory. Fallback to local authentication is enabled. A user with both remote and local credentials attempts to log in. The remote authentication server is unavailable, triggering fallback.

Workaround

Reduce the timeout for fallback by entering modify auth ldap system-auth bind-timeout 15 at the tmsh prompt.

Fix Information

None

Behavior Change