Forum Discussion

Nimbostratus

Apr 29, 2016

Create an NTLM machine account for BIG-IP within a route-domain

Hi I have tried all day to join my Big IP system to one of my customers domains. The customer has ActiveSync today and wants OutlookAnywhere with NTLM authentication as well. My cluster run...

application delivery

BIG-IP Access Policy Manager (APM)

JoshBecigneul

MVP

May 10, 2016

We ran into this and for the Kerberos AAA feature at least, we just specify the IP of the KDC in the Kerberos AAA agent, and let the traffic flow out of a RD0 VLAN that has access to the customer environment. We don't break the strict isolation feature in this case.

We enhance this by using a wildcard VIP whose pool members are multiple KDCs in the customer environment. You point the Domain Controller FQDN field to this IP. I haven't tested the NTLM portion, you may need a hosts file entry to represent the internal IP for the VIP.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)