Kerberos delegation

Question

Hi everyone&nbsp;
I need to configure kerberos delegation 
I am following the instructions from this link 
http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_implementations_guide_10_1/sol_kerberos_delegation.html&nbsp;
I get error messages when I want to join the BIG-IP system to the trusted domain&nbsp;
When I run&nbsp;
domaintool --add  --kdc 
I get no error  and when I run domaintool --list&nbsp;
I can see the domain name&nbsp;
But for 
domaintool --join  --admin_principal  --host 
it does not work
it prompts me for the password (I tried with 2 administrative accounts)
I enter the password but 
I get the following errors 
Error: ldap_sasl_interactive_bind failed(Local error)
Error: ldap_connect failed
Couldn't join domain(65280). at /usr/bin/domaintool line 387,  line 32.&nbsp;
What am  I missing &nbsp;
Thanks&nbsp;
Michel&nbsp;

michel_lepage_5 · Answer

Nevermind everyone&nbsp;
I resolved it&nbsp;
In the DNS reverse lookup zone, the name of the domain controller was typed wrong
DUH!&nbsp;

Forum Discussion

Kerberos delegation

1 Reply

Bram - January 2026 Featured Member

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Profile ssl server using pass phrase

error code 503 redirect irule

AST Configuration Assistance

F5OS VLAN naming length restrictions

Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)

Related Content

Troubleshooting Kerberos Constrained Delegation: Strong Encryption Types Allowed for Kerberos

Lightboard Lessons: Kerberos Delegation & Protocol Transition

Configuring Smart Card Authentication and Kerberos Constrained Delegation in F5 Access Policy Manager (APM)

Single-Sign-On mit Kerberos Constrained Delegation

F5 Distributed Cloud - Automatic TLS Certificate Generation - Non-Delegated DNS Zone

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS