Login Failed: AD Authentication Breaks After Upgrading BIG-IP LTM to v12.x

Alex F5 LTM, Security

If you happen to have F5’s BIG-IP LTMs in your environment and have gone to upgrade the software to the latest-and-greatest release 12.0 (to address some of the discovered vulnerabilities), you may have noticed that AD authentication against Remote Role Groups fails with “Login failed” error:

F5 LTM Login Failed

Well, that’s a bug, alright. As with most of the bugs, there’s a workaround, so follow these steps:

  1. Login to the LTM’s WebUI with your local admin account
  2. Go to System -> Users -> Remote Role Groups
  3. For all Remote Role Groups that contain space character in the Attribute String (that is, there’s a space in the DN of a group), replace space with ‘\20’.

Example:

Original: memberOf=CN=LTM_Admins,OU=Some Groups,OU=Some Org Unit,DC=Domain,DC=com
Modified: memberOf=CN=LTM_Admins,OU=Some\20Groups,OU=Some\20Org\20Unit,DC=Domain,DC=com

That should be it!

Alex

I have been working in the Unified Communication space for about a decade, with the most recent years devoting my attention almost exclusively to Cisco technologies. These include Cisco Unified Communications Manager (CallManager), WebEx Meetings Server (CWMS), Cisco Jabber, Cisco TelePresence, and Cisco IronPort Email Security Appliances (ESA).

Leave a Reply

Your email address will not be published. Required fields are marked *