dcasson_21085
Feb 23, 2011

AD DC's behind F5....

We have several applications that are antiquated and not AD aware. They authenticate against a specific DC rather than to AD as a whole. So, typical AD load balancing will not work and we prefer not to use DNS round-robin load balancing. Unfortunately we cannot upgrade the applications at this time either.

I would like to load balance a couple of AD DCs behind an F5. I understand Microsoft frowns on this, but was wondering what would need to be done on the F5 to make this happen.

I have seen others say they have done this in the past, but unfortunately they are not willing to share how they accomplished this.

Thanks,

Dave

  • For LDAP authentication you will need to use port 389 for standard authentication and 636 for secure authentication. Once these ports are opened you should be OK. Make sure you do NOT allow anonymous bind. Big security risk.