Forum Discussion

Slayer001's avatar
Slayer001
Icon for Cirrus rankCirrus
Jan 06, 2020

AD authentication with LDAPS

Is it possible to create a layered Virtual Server to intercept the LDAP request towards the AD DC's and use LDAPS for the connection? We need to have LDAPS (TCP-636) for the AD auth instead of the d...
ad
application delivery
BIG-IP Access Policy Manager (APM)
ldaps
  • Slayer001's avatar
    Slayer001
    Feb 11, 2020

    Been some time but didn't have time to test it out. I tried with Pool but same result.

    Logged a support case and they confirmed it's not possible with AD auth. They said they know the security patch is coming and are working on something. It should be there before the Microsoft security patch is released.

Shaun_Simmons's avatar
Shaun_Simmons
Icon for Employee rankEmployee
Jan 08, 2020

I had this same issue in the past. The issue was resolved by creating SRV TCP & UDP records for Kerberos to point to the VIP I needed.

-Does the AD test tool statically point to an IP? Secondly, is the workstation that you are testing with joined to a domain? If so, the group policy assigns which AD server / IP you will perform AAA queries against.

 

Based on your "Realm" error, have you tried configuring the krb5.conf("keytab") file?

Link: https://support.f5.com/csp/article/K17976428