
Karthik_Kumaran
Aug 16, 2016

Cannot add multiple "Remote Role Group" in tmos 12.1

I am trying to add multiple Remote Role Groups in my BIG-IP running tmos 12.1, but I get the following error once I add the second group:

 

01070821:3: User Restriction Error: Once configured [All] partition, remote user group cannot have others.

 

I have been using the same in 11.5.4 and it works without any issues (multiple Remote Role Groups, each having Administrator access to all partitions).

 

Any idea if the behavior has been changed in 12.1?

 

2 Replies

  • I encountered this in 11.6.0. In my case, it didn't like my having configured the same LDAP attribute for more than one role. I didn't have the other role attributes yet, and just used the same values for each role as placeholders, assuming that Admin would win as line order 1. Once I changed that value, the message went away.

     

  • Hi all,

     

    I'm facing a similar issue to this one by using tacacs authentication. The attributes being used for 2 separate remote groups are:

    role administrator -> attribute F5-LTM-User-Info-1=admin

    role quest -> attribute F5-LTM-User-Info-1=mon

     

    Do you think that the name of the attribute except from the value should be different? More than that, does anyone know if there is any official F5 solution for this issue?

     

    Thanks