Forum Discussion

Nimbostratus

Oct 11, 2007

kerberos

I am planning to use my new F5 LTM to load balance a number of components that are protected by Microsoft Active Directory - Kerberos. I am being told that the F5 device must join the Kerberos domain...

microsoft

partner

Ravi_Rajan_7549

Nimbostratus

Oct 07, 2008

Hi,

Firstly map the virtual IP to a dns name in your internal DNS server. Then create an SPN for this dns name and with the userid being used to configure kerberos.

For ex. if you are using an id - xyz for configuring BO SSO, and the dns name is bovirtual.addomain.com

Then the SPN will be -

setspn -A HTTP/bovirtual.addomain.com xyz

Let me know how it goes.

Regads,

Ravi

pjcampbell_7243
Cirrus
Nov 08, 2017
Logged to let you know this worked for me. Thanks!

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

kerberos

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

How to configure ssh access by key on F5OS

Help with an iRule to disconnect active connections to Pool Members that are "offline"

Questions on R-Series 5800s

iRule Approach to Mask Authorization Header for Bot Defense Logging – Validation Needed

Cloud Apps Protection

Related Content

Troubleshooting Kerberos Constrained Delegation: Strong Encryption Types Allowed for Kerberos

Kerberos is Easy - Part 2

Kerberos Is Easy - Part 1

APM Cookbook: Single Sign On (SSO) using Kerberos

Kerberos Authentication Failing for Exchange 2016 Behind F5 Cloud WAF

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS