Forum Discussion

Nimbostratus

Aug 03, 2011

Active Directory AAA server failing when just specify the domain name

Hi, I am trying to setup an Active Directory AAA server on a BIG-IP Edge gateway to use when connecting to a web application. In defining the AAA server, I would just like to give the doma...

app sec

BIG-IP Access Policy Manager (APM)

security

MikeIs_61713

Nimbostratus

Aug 09, 2011

Solution: The following seemed to fix the problems

1. Allow LDAP UDP through firewall

2. Update /etc/krb5.conf on the BIG-IP to enable dns lookup for the realm and kdc

 [libdefaults]
           default_realm = EXAMPLE.COM
           dns_lookup_realm = false
           dns_lookup_kdc = false
           ticket_lifetime = 24h
           forwardable = yes

This then impacted AD Queries for authorisation, and we had to ensure that DNS could resolve both

    _kerberos-master._udp
    _kerberos._udp

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Active Directory AAA server failing when just specify the domain name

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

Azure Active Directory and BIG-IP APM Integration

External Data Group Import Failing.

Complete MFA solution with GA stored in Active Directory

BIG-IP device fails to install node-inspector

Remote Authorization via Active Directory

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS