HA Active Directory for F5 authentication

Question

I have two f5 Big-IP wit LTM module in HA. I have configured Admin authentication in BIG-IP through Remote Active Directory and It works properly.

The challenge is I have several synchronized AD servers and I would like to achieve HA in Big-IP authentication.

I have created a pool with my AD servers with a custom LDAP monitor and It seems that works because all members look up in the pool. I also created a virtual server that listen in port 389 and use the AD server pool as default pool. However, when I set the host value to virtual server IP in system-->users-->authentication, all authentication attempts fail.

Is required an special configuration in virtual server to make it work?

zamroni777 · Answer

make sure the both bigip control plane's and data plane's network routing are correct, including the firewall config between them, etc.,so that bigip mgmt can reach the vs ip (which is in bigip's data plane).&nbsp;&nbsp;

mrodriguez · Answer

I've checked it. There is a route and traffic is allowed. In fact, If I launch a telnet from the big-ip through port 389, It connects:&nbsp;

Forum Discussion

HA Active Directory for F5 authentication

2 Replies

SSO Login Update Coming to DevCentral

Kevin - June 2026 Featured F5er

Tyler - May 2026 Featured Member

Recent Discussions

ASM attack signatures not syncing between active and standby F5

Hardware BIG-IP appliance reach EOSS, but the software version running on it not yet?

VPN Communication Error with F5 BIG-IP Edge Client

simultaneous disabling / enabling of all LTM objects

Query on source IP preservation for syslog traffic through F5 virtual server

Related Content

Azure Active Directory and BIG-IP APM Integration

Complete MFA solution with GA stored in Active Directory

Remote User Authentication (e.g. F5 admins) using Azure Active Directory

Remote Authorization via Active Directory

Active Directory authentication for management GUI