Forum Discussion

Altostratus

May 23, 2016

AAA - Active Directory with user that resides in another domain in trust

Hi, We have few domains and we expect to use an unique AD account to query the servers. So, we try to configure AAA server AD with an user that resides in a specific domain name. I kno...

application delivery

BIG-IP Access Policy Manager (APM)

cjunior

Nacreous

May 24, 2016

Hi Arnaud,

The split domain apparently works only to separate variables in the user login and not when query for AD.

I tried to reproduce in lab and strangely doesn't have the same behavior that in production.

Now, I just can see the domain names concatenating here in this log:

May 24 19:20:18 bigipdelta debug apmd [11716]: 01490111: 7: / Common / portal_apm: Common: 6a7e774c: AD module: verifyKrb5Cache (): credential cache does not match with administrator \ @ @ f5lab.com F5LAB. NET

In the next, I can't see the names concatenated, so, I think that issue is just in my AD lab.

May 24 19:20:19 bigipdelta err apmd [11716]: 01490107: 3: / Common / portal_apm: Common: 6a7e774c: AD module: query with '(& (objectClass = user) (sAMAccountName = Bob))' failed: Realm not to place KDC main name: administrator@f5lab.com. Realm not found. Please VERIFY domain name configured. (-1765328316)

So, I'll try again in production environment a way to know whats happen.

Thank you so much

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)