Bug ID 658227: Using variable substitution for Console attribute for remote-role always denies ssh access

Last Modified: Sep 15, 2022

Affected Product(s):
BIG-IP All(all modules)

Fixed In:

Opened: Apr 12, 2017

Severity: 3-Major


When using a remote role group to set a user's console by variable substitution from the RADIUS variable F5-LTM-User-Console, console access will be disabled no matter the value of the variable returned by the RADIUS server.


Users who are expected to have tmsh access will not. These users will still have GUI access.


Remote auth using RADIUS. Remote role group configured to set console by variable substitution with F5-LTM-User-Console.


Use F5-LTM-User-Shell, and set the value to "tmsh" for users who need tmsh access.

Fix Information

If console is set by variable substitution from F5-LTM-User-Console, and this variable is set to 1 (or Enabled), the user will have tmsh access.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips