I am trying to add multiple Remote Role Groups in my BIG-IP running tmos 12.1. But i get the following error once i add the second group,
01070821:3: User Restriction Error: Once configured [All] partition, remote user group cannot have others.
I have been using the same in 11.5.4 and working without any issues (Multiple Remote Role group with each having Administrator access to all partitions)
Any idea if the behavior has been changed in 12.1 ?
I encountered this in 11.6.0. In my case, it didn't like my having configured the same LDAP attribute for more than one role. I didn't have the other role attributes yet, and just used the same values for each role as placeholders, assuming that Admin would win as line order #1. Once I changed that value, the message went away.
Thanks Stan. changing the value for the attribute string of the second Group to a different one than the first, did the trick for me too. :)
I'm facing a similar issue to this one by using tacacs authentication. The attributes being used for 2 seperate remote groups are:
role administrator -> attribute F5-LTM-User-Info-1=admin
role quest -> attribute F5-LTM-User-Info-1=mon
Do you think that the name of the attribute except from the value should be different?
More than that does anyone know if the is any official F5 solution for this issue ?