Bug ID 605775: Config sync fails after creating local user matching previously logged in remote user

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP TMOS (all modules)

Known Affected Versions:
11.2.1, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10

Opened: Jul 19, 2016

Severity: 3-Major

Symptoms

After a remote user logs in to a BIG-IP system that is a member of an HA group, if a local user account is created with a name that matches the remote user, config sync fails when it attempts to sync the local user account to other devices in the HA group.

Impact

Unable to sync device groups.

Conditions

1. A remotely authenticated user logs in to a BIG-IP HA member.
2. An administrator user creates a local user account on the same BIG-IP HA member with a name that matches the previously logged-in remote user.

This problem has been observed using TACACS remote authentication, but is expected to occur with other remote authentication methods as well.

Workaround

1. To avoid this error, create the local user on a different HA member, where the remote user has not previously logged in.
2. To recover from this error:
   (a) Delete the newly-created local user from the same HA member where it was created:
       tmsh del auth user <new-local-user-name>
   (b) Save current config:
       tmsh save sys config file <recovery-config-filename.scf>
   (c) Recover the device group sync status:
       tmsh run cm config-sync recover-sync
   (d) Restore the saved config:
       tmsh load sys config file <recovery-config-filename.scf>

Fix Information

None

Behavior Change
