Forum Discussion

Nimbostratus

Aug 02, 2011

Active Directory AAA server failing when just specify the domain name

Hi, I am trying to setup an Active Directory AAA server on a BIG-IP Edge gateway to use when connecting to a web application. In defining the AAA server, I would just like to give the doma...

app sec

BIG-IP Access Policy Manager (APM)

security

MikeIs_61713

Nimbostratus

Aug 08, 2011

Solution: The following seemed to fix the problems

1. Allow LDAP UDP through firewall

2. Update /etc/krb5.conf on the BIG-IP to enable dns lookup for the realm and kdc

 [libdefaults]
           default_realm = EXAMPLE.COM
           dns_lookup_realm = false
           dns_lookup_kdc = false
           ticket_lifetime = 24h
           forwardable = yes

This then impacted AD Queries for authorisation, and we had to ensure that DNS could resolve both

    _kerberos-master._udp
    _kerberos._udp

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Active Directory AAA server failing when just specify the domain name

Tyler - May 2026 Featured Member

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

Recent Discussions

F5 Send email and snmp trap from LTM log event

shame on f5

Dynamic import of data groups

ASM allow specific url from outside country of geolocation ON

AWAF Detection Inconsistency Between Similar Test Payloads

Related Content

Azure Active Directory and BIG-IP APM Integration

Remote Authorization via Active Directory

Complete MFA solution with GA stored in Active Directory

I Tried to Beat OpenAI with Ollama in n8n—Here’s Why It Failed (and the Bug I’m Filing)

Failing Faster in the Cloud

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS