Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Cannot add multiple "Remote Role Group" in tmos 12.1

I am trying to add multiple Remote Role Groups in my BIG-IP running tmos 12.1. But i get the following error once i add the second group,

01070821:3: User Restriction Error: Once configured [All] partition, remote user group cannot have others.

I have been using the same in 11.5.4 and working without any issues (Multiple Remote Role group with each having Administrator access to all partitions)

Any idea if the behavior has been changed in 12.1 ?

1
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I encountered this in 11.6.0. In my case, it didn't like my having configured the same LDAP attribute for more than one role. I didn't have the other role attributes yet, and just used the same values for each role as placeholders, assuming that Admin would win as line order #1. Once I changed that value, the message went away.

1
Comments on this Answer
Comment made 11-Jan-2017 by Karthik Kumaran S 374

Thanks Stan. changing the value for the attribute string of the second Group to a different one than the first, did the trick for me too. :)

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi all,

I'm facing a similar issue to this one by using tacacs authentication. The attributes being used for 2 seperate remote groups are: role administrator -> attribute F5-LTM-User-Info-1=admin role quest -> attribute F5-LTM-User-Info-1=mon

Do you think that the name of the attribute except from the value should be different? More than that does anyone know if the is any official F5 solution for this issue ?

Thanks

0