Bug ID 711158: Admin user roles automatically demoted to guest

Last Modified: Nov 22, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Known Affected Versions:
13.0.1, 13.0.0, 12.1.5.2, 12.1.5.1, 12.1.5, 12.1.4.1, 12.1.4, 12.1.3.7, 12.1.3.6, 12.1.3.5, 12.1.3.4, 12.1.3.3, 12.1.3.2, 12.1.3.1, 12.1.3

Opened: Mar 21, 2018
Severity: 3-Major
Related Article:
K25280801

Symptoms

Newly created admin users are immediately demoted to guest.

Impact

In a few seconds, the newly created admin user account reverts to a guest role. User does not have the expected admin access.

Conditions

-- A sync-failover device group exists. -- The REST framework's 'gossip' mechanism is configured. -- Create a new admin user using a command similar to the following examples: tmsh ----- tmsh create auth user test123 password **** partition-access add { all-partitions { role admin } } GUI ----- via WebUI System menu :: Users User Name: test123 Password: **** Confirm: **** Role: Administrator Partition: All Click Finish button Note: Correct REST framework 'gossip' mechanism configuration should occur automatically, but might not be ready. You can confirm whether this is the case by running the following command: restcurl shared/resolver/device-groups/tm-shared-all-big-ips/devices. The output must show all your devices, and show that they all have the same 'version' and the same 'restFrameworkVersion'.

Workaround

On the primary BIG-IP system, do the following: 1. Disable failover by running the following command: restcurl -X PATCH tm/shared/bigip-failover-state -d '{"isEnabled": false}' 2. Clear REST devices from the device group by running the following command: restcurl -X DELETE shared/resolver/device-groups/tm-shared-all-big-ips/devices

Fix Information

None

Behavior Change