Forum Discussion
AD authentication with LDAPS
- Feb 11, 2020
Been some time but didn't have time to test it out. I tried with Pool but same result.
Logged a support case and they confirmed it's not possible with AD auth. They said they know the security patch is coming and are working on something. It should be there before the Microsoft security patch is released.
There is a VS1 that has an APM policy that uses an AAA (AD) object to authenticate users.
I created a separate internal VS2 with ARP off on the virtual address (Layered VS in F5 terms). This layered VS is setup with a server ssl profile and contains a pool with the real AD servers as members.
In the APM AAA (AD) object used in the APM policy on VS1 I used the IP address of VS2 in order to be able to do LDAPS requests to the backend AD servers.
Then when I test with the adtest tool, or even by trying to authenticate to VS1, I see the packets being sent towards the MAC address of the next hop and not towards VS2. Why isn't it sent to the internal VS2?
In the logs it's shown that the F5 tried to reach the AD server but no KDC principal name was found.
Can you understand the setup now?
- Mitheor (Cirrus), Jan 08, 2020
Ok, got it.
Last question (and sorry for being so insistent).
In the APM AAA (AD) object used in the APM policy on VS1, do you have the VS2 IP in "Use pool" or in "Direct"?
Other than that, with this procedure I think it should work:
I'll try it in the lab if I have time later today.