F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Haara_212103's avatar
Haara_212103
Icon for Nimbostratus rankNimbostratus
Apr 13, 2016

Filter DC:s for use with APM authentication

Hello, we have an issue with ldap authentication in a multi domain forest and several Domain Controllers in restricted VLANs where the APM don't have access. Is there any way to filter which DCs that...
BIG-IP Access Policy Manager (APM)
security
Lucas_Thompson_'s avatar
Lucas_Thompson_
Historic F5 Account
Apr 14, 2016

This is more of a Microsoft AD structure question that you should address to a Microsoft trained network architect, or Microsoft.

 

APM can authenticate using RADIUS, Kerberos (AD), LDAP, or HTTP (among others). So if you can expose any of those interfaces toward APM by using some DC-DC trust relationship setup, it will work.

 

Haara_212103's avatar
Haara_212103
Icon for Nimbostratus rankNimbostratus
Apr 24, 2016
Well I don't really think so, the issue lies within the APM and how it treats weight and priority in the DNS records or really how it doesn't treat it since changing the values doesn't have any effect on which domain controller it tries to use. And also when the APM does the DNS lookup for the ldap and kerberos services it gets a list of multiple domain controllers but if the one it tries to use times out it won't go to another is there any reason for this behaviour?