Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP Install/Upgrade, TMOS
Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2
Fixed In:
13.0.0, 12.1.2
Opened: Jun 29, 2016 Severity: 3-Major Related Article:
K88516119
Unable to login via ssh, with cause being reported as 'user account has expired'. Wrong role being assigned for remote-user.
Unable to login via ssh with remote-user or remote-user being assigned incorrect role when multiple accounts exists with the same name and mixed case.
The character-case for the username returned from LDAP must match the login username and the configured account name. This can be exposed on an upgrade from 11.6.0 to 12.1.0 or 12.1.1.
Avoid configuring the same account username with different case. The authenticated user account in TMOS used to login should exactly match the user account name returned from LDAP.
When logging in to BIG-IP via ssh, the case of the logged-in user name is preserved when authenticating against an LDAP source, and matched in a case-sensitive manner to the appropriate locally defined user role.