Authentication Issues on F5
We upgraded to 15.1.2.1 and now we seem to have a bunch of issues authenticating using either AD or TACACS. It requires multiple tries and then it eventually works.
Our first attempt is to fix the F5 devices that are using AD only.
Edit the OpenLDAP client defaults file:
vi /etc/openldap/ldap.conf
You have to add a new line, REFERRALS no, so the LDAP client stops chasing referrals. With that line added the file looks like this (the commented entries are the stock defaults that ship with the file):
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_REQCERT never
REFERRALS no
TLS_CACERTDIR /etc/openldap/certs
Two things to keep in mind about this file. The directive is spelled REFERRALS (see ldap.conf(5)); libldap silently ignores a keyword it does not recognise, so a misspelling such as REFERALLS does nothing and gives no error. And TLS_REQCERT never turns off verification of the domain controller's certificate for LDAPS and STARTTLS binds, which lets anyone on the path between the BIG-IP and the DC impersonate the DC and capture the bind credentials; if the CA that issued your DC certificates is in TLS_CACERTDIR, use TLS_REQCERT demand instead. This file also lives outside the tmsh configuration, so the tmsh save sys config step below does not record it.
Then check whether the BIG-IP's system LDAP auth is set to chase referrals:
tmsh list auth ldap system-auth referrals
auth ldap system-auth {
referrals yes
}
An AD domain controller returns referrals for naming contexts it does not hold (for example DomainDnsZones, ForestDnsZones and other domains in the forest), and chasing them means opening extra connections to hosts that may not resolve or be reachable from the BIG-IP, so the lookup stalls until those time out. If it is yes, change it to no by running
tmsh modify auth ldap system-auth referrals no
Confirm it is set by running the same list command again:
tmsh list auth ldap system-auth referrals
auth ldap system-auth {
referrals no
}
Finally, before you start testing, save the configuration:
tmsh save sys config
Saving running configuration...
/config/bigip.conf
/config/bigip_base.conf
/config/bigip_script.conf
/config/bigip_user.conf
/config/partitions/Citrix/bigip.conf
/config/partitions/DNS/bigip.conf
/config/partitions/Disaster.Recovery/bigip.conf
/config/partitions/Integration/bigip.conf
/config/partitions/Messaging/bigip.conf
Now test a user account that authenticates through AD to see if it works.
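If the same fix has to go onto several BIG-IPs, it is worth making it repeatable. The script below is an added example written for this page, not code from the original post or from F5: it wraps the two referral changes above as idempotent shell functions, so running it twice on a box leaves it in the same state. It assumes only the tmsh commands and the file path shown above; the tmsh output and ldap.conf lines used in its self-check are constructed sample data, not output from a real device.

```shell
#!/bin/bash
# Added example, not part of the original post. Idempotent helpers for the two
# referral settings described above. tmsh only exists on the BIG-IP itself, so
# the parsing and file-editing parts are plain shell that can be exercised
# anywhere; the tmsh calls at the bottom run only when tmsh is found.

# Read the output of `tmsh list auth ldap system-auth referrals` on stdin and
# return 0 when referrals are enabled (the state that needs changing).
referrals_enabled() {
    grep -Eq '^[[:space:]]*referrals[[:space:]]+yes[[:space:]]*$'
}

# Count the REFERRALS directives in an ldap.conf, including misspelled
# variants such as REFERALLS, which libldap would silently ignore.
referral_directive_count() {
    grep -Eic '^[[:space:]]*REFER+AL+S[[:space:]]' "$1" || true
}

# Make sure the file (default: the path edited above) carries exactly one
# "REFERRALS no" line. Any existing referral directive, spelled correctly or
# not, is removed first, so running this twice leaves the file unchanged.
# The content is written back through the original inode, which keeps the
# file's ownership and mode (world readable, not world writable).
ensure_ldap_conf_no_referrals() {
    local conf tmp
    conf="${1:-/etc/openldap/ldap.conf}"
    tmp="$(mktemp)" || return 1
    grep -Eiv '^[[:space:]]*REFER+AL+S[[:space:]]' "$conf" > "$tmp" || true
    printf 'REFERRALS no\n' >> "$tmp"
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Self-check against constructed sample data (not real device output), so the
# helpers can be exercised off-box before touching a BIG-IP.
self_check() {
    local f n
    printf 'auth ldap system-auth {\n    referrals yes\n}\n' | referrals_enabled || return 1
    f="$(mktemp)" || return 1
    printf 'TLS_REQCERT never\nREFERALLS no\n' > "$f"
    ensure_ldap_conf_no_referrals "$f" && ensure_ldap_conf_no_referrals "$f"
    n="$(referral_directive_count "$f")"
    rm -f "$f"
    [ "$n" -eq 1 ]
}

# On a BIG-IP: fix the file, then the tmsh setting, save, and show the result.
# Anywhere else: just run the self-check.
if command -v tmsh >/dev/null 2>&1; then
    ensure_ldap_conf_no_referrals
    if tmsh list auth ldap system-auth referrals | referrals_enabled; then
        tmsh modify auth ldap system-auth referrals no
        tmsh save sys config
    fi
    tmsh list auth ldap system-auth referrals
else
    self_check && echo "self-check passed (tmsh not found, nothing changed)"
fi
```

Run it as root on the BIG-IP; off-box it only exercises the helpers. Because the ldap.conf edit is not part of the tmsh configuration, keep this script with the rest of your device build tooling so the file change is reapplied wherever the tmsh setting is.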