multiple hosts entries for AD authentication

Question

Wondering if I can have multiple host entries for AD authentication incase of a AD server failure.?

deb_allen_18 · Answer

Client auth, or admin auth?&nbsp;
&nbsp;AFAIK, the only way to auth LTM with ACA (Advanced Client Authentication) module includes PAM (Pluggable Auth Module), and that is pretty flexible config-wise.&nbsp;
&nbsp;For admin auth using AD, it looks like you can specify a hostname OR an IP for Host, and it is retained in the config file as a name instead of resolving to an IP.  Since that's the case, you can use a hostname that resolves to multiple IP addresses.&nbsp;
&nbsp;Better yet, you could use a service (like GTM) that hands out only one known good address with a short TTL, and minimize local visibility of failure.&nbsp;
&nbsp;HTH
&nbsp;/deb

ken_67036 · Answer

Thanks Deb,
&nbsp;I have entered multiple host IP's using the GUI putting spaces between the IP address entries and it seems to work. We will be looking at a GTM down the road but for now I just needed some redundancy for AD authentication when a server is taken down for maintenance or if there is a failure.&nbsp;
&nbsp;Thanks again!
&nbsp;Regards,
&nbsp;Kim

Forum Discussion

multiple hosts entries for AD authentication

2 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

Multiple AD Authentication

Modifying multiple entries in a datagroup via api?

Using n8n To Orchestrate Multiple Agents

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

APM Cookbook: Multiple Domain Authentication - Part 1

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS