Forum Discussion
morrie_63651
Nimbostratus
Nimbostratuskerberos
I am planning to use my new F5 LTM to load balance a number of components that are protected by Microsoft Active Directory - Kerberos. I am being told that the F5 device must join the Kerberos domain...
RyanLRoy_80296Nimbostratus
NimbostratusWhen you say "create an SPN for this dns name and with the userid being used to configure kerberos" which userid are you referring too? In our environment we have four servers which are load balanced. Kerberos based SSO is working on each individual server but is failing when going through the virtual ip. We have an AD user which corresponds to each physical machine. I believe the setspn command was then run for each of these users specifying the corresponding dns name of that server.
Does that mean we should then create another AD user to represent the load balancer and run setspn specifying the virtual ip and the AD user we set up? Do you know if this AD user would have to be marked as an eligible delegate?