Forum Discussion
morrie_63651
Nimbostratus
Nimbostratuskerberos
I am planning to use my new F5 LTM to load balance a number of components that are protected by Microsoft Active Directory - Kerberos. I am being told that the F5 device must join the Kerberos domain...
Will_F_98397Nimbostratus
NimbostratusHello,
I setup my middle tier service for delegation to a backend service and I've used a source address affinity persistence profile to keep kerberos happy.
The middletier service run's under account middletierserviceacct and the backend service under account backendserviceacct.
The middletierserverservice.fqdn and backendserverservice.fqdn DNS entries resolve to the virtual servers on our LTM.
setspn -l middletierserviceacct
HTTP/middletierserverservice.fqdn
HTTP/middletierserverservice
setspn -l backendserviceacct
HTTP/backendserverservice
HTTP/backendserverservice.fqdn
Hope this clears things up