Symptoms

When using a remote role group to set a user's console by variable substitution from the RADIUS variable F5-LTM-User-Console, console access will be disabled no matter the value of the variable returned by the RADIUS server.

Impact

Users who are expected to have tmsh access will not. These users will still have GUI access.

Conditions

Remote auth using RADIUS. Remote role group configured to set console by variable substitution with F5-LTM-User-Console.

Workaround

Use F5-LTM-User-Shell, and set the value to "tmsh" for users who need tmsh access.

Fix Information

If console is set by variable substitution from F5-LTM-User-Console, and this variable is set to 1 (or Enabled), the user will have tmsh access.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips