Forum Discussion

ABUZER_TUTUS
Jul 02, 2020

hashing passwords/passphrases

Hello,


Are there any changes with the hashing of passwords? With BIGIP-14.1.2.6 these are not like $M... anymore; each time there are newly generated ones with a length of 50 when calling over the REST API (client-ssl, radius server, monitoring etc).

3 Replies

  • I presume you observed a string like "_e4h9VgHA`JG1MSE@c.e?2lkn>ZG[Wombh[o>67kaC_kV`J" (not exactly 50 characters but close enough). BIG-IP has experienced the issue since 14.1.0; however, I did not see the behavior on 14.1.2 (Final). F5 identified the issue but no fix is provided yet.

    Meanwhile, you can use the /mgmt/tm/util/bash endpoint to directly invoke a tmsh command. For example, getting the secret property from the RADIUS setting (equivalent to 'tmsh list auth radius-server system_auth_name1 secret') using curl:

    # curl -sku $PASS https://$HOST/mgmt/tm/util/bash -X POST -H "Content-Type: application/json" -d '{"command":"run", "utilCmdArgs":"-c \"tmsh list auth radius-server system_auth_name1 secret\""}' 
    {
        "command": "run",
        "commandResult": "auth radius-server system_auth_name1 {\n    secret $M$Ti$Jh/EsK9GLFOp02s5m8kgjg==\n}\n",
        "kind": "tm:util:bash:runstate",
        "utilCmdArgs": "-c \"tmsh list auth radius-server system_auth_name1 secret\""
    }

    Not elegant, I agree (especially with the quotes with escapes) but it would do the job for you.

  • Hello,


    We currently use a Puppet module to manage the monitor, profile client ssl and radius server resources via the iControl REST API. As a workaround in the meantime, I now check whether the length of the hashed password is > 40 or, as previously, whether it starts with $M.

  • The versions affected by this issue are: 14.1.2.6, 14.1.2.5, 14.1.0.1 and 14.1.0. You should be able to fix this by changing to a version not affected, however, unfortunately, the current latest point release for 14.1.2 is 14.1.2.6. 15.1.0.4 might be a good choice. You can also submit a ticket to F5 Support and ask for a hotfix for ID745423 on top of 14.1.2.6.
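
The read-back check from the second reply, combined with parsing the util/bash response from the first reply, as an added Ruby example (not code from the thread or from the Puppet module). The function names and the choice to treat opaque values as in sync are assumptions.

```ruby
require 'json'

# Constructed sample: the util/bash response quoted in the first reply.
SAMPLE_RESPONSE = <<~'JSON'
  {"command": "run",
   "commandResult": "auth radius-server system_auth_name1 {\n    secret $M$Ti$Jh/EsK9GLFOp02s5m8kgjg==\n}\n",
   "kind": "tm:util:bash:runstate"}
JSON

# The per-call string quoted in the first reply (47 characters).
REGENERATED_SAMPLE = '_e4h9VgHA`JG1MSE@c.e?2lkn>ZG[Wombh[o>67kaC_kV`J'

# Extract the "secret" property from tmsh output carried in commandResult.
def secret_from_bash_response(body)
  result = JSON.parse(body).fetch('commandResult', '')
  match = result.match(/^[ \t]*secret[ \t]+(\S+)[ \t]*$/)
  match && match[1]
end

# Classify a value read back from the device, using the two tests from the
# second reply: "$M" prefix, or longer than 40 characters.
def classify_secret(value)
  return :absent if value.nil? || value.empty?
  return :encrypted if value.start_with?('$M')
  return :regenerated if value.length > 40
  :plaintext
end

# Assumption: an opaque device-side value cannot be compared with the desired
# plaintext, so it is treated as in sync. A genuinely changed secret is then
# not detected; a plaintext secret longer than 40 characters is also
# classified as :regenerated by the length test.
def needs_update?(desired, read_back)
  case classify_secret(read_back)
  when :encrypted, :regenerated then false
  when :absent then !desired.to_s.empty?
  else desired != read_back
  end
end
```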