Forum Discussion

morrie_63651's avatar
morrie_63651
Icon for Nimbostratus rankNimbostratus
Oct 11, 2007

kerberos

I am planning to use my new F5 LTM to load balance a number of components that are protected by Microsoft Active Directory - Kerberos. I am being told that the F5 device must join the Kerberos domain...
microsoft
partner
DonDiego_23945's avatar
DonDiego_23945
Icon for Nimbostratus rankNimbostratus
Nov 27, 2009
Hi,

 

 

Regarding this part of the conversation (*)....... I have a similar problem perfoming single sign on authentication using Kerberos, the task it supposed to be perfomed by the vpnssl device and then go to the F5 LTM and the to then web server (wich is running a .NET based application) ...... my question is pretty much related to the part where the SPN is created in my DC server for the application. Wich account or computer-name should be used in the command.

 

 

(*)

 

Firstly map the virtual IP to a dns name in your internal DNS server. Then create an SPN for this dns name and with the userid being used to configure kerberos.

 

For ex. if you are using an id - xyz for configuring BO SSO, and the dns name is bovirtual.addomain.com

 

Then the SPN will be -

 

setspn -A HTTP/bovirtual.addomain.com xyz

 

Let me know how it goes.

 

 

Regads,

 

Ravi