Forum Discussion
Haara_212103
Nimbostratus
NimbostratusFilter DC:s for use with APM authentication
Hello,
we have an issue with ldap authentication in a multi domain forest and several Domain Controllers in restricted VLANs where the APM don't have access. Is there any way to filter which DCs that...
This is more of a Microsoft AD structure question that you should address to a Microsoft trained network architect, or Microsoft.
APM can authenticate using RADIUS, Kerberos (AD), LDAP, or HTTP (among others). So if you can expose any of those interfaces toward APM by using some DC-DC trust relationship setup, it will work.
Haara_212103Well I don't really think so, the issue lies within the APM and how it treats weight and priority in the DNS records or really how it doesn't treat it since changing the values doesn't have any effect on which domain controller it tries to use. And also when the APM does the DNS lookup for the ldap and kerberos services it gets a list of multiple domain controllers but if the one it tries to use times out it won't go to another is there any reason for this behaviour?- Absolutely correct. APM does not pay attention to these factors. There is an existing enhancement request for APM's authentication-DNS client to pay attention to "Sites and Services" information for geo-weighting and similar use cases. It's F5 RFE 495587. Few customers have expressed interest in this feature though, but feel free to open a support ticket or speak with your sales rep. Here's a Microsoft article that describes it: https://technet.microsoft.com/en-us/library/cc754697.aspx
