multiple hosts entries for AD authentication

Question

Wondering if I can have multiple host entries for AD authentication incase of a AD server failure.?

deb_allen_18 · Answer

Client auth, or admin auth?&nbsp;
&nbsp;AFAIK, the only way to auth LTM with ACA (Advanced Client Authentication) module includes PAM (Pluggable Auth Module), and that is pretty flexible config-wise.&nbsp;
&nbsp;For admin auth using AD, it looks like you can specify a hostname OR an IP for Host, and it is retained in the config file as a name instead of resolving to an IP.  Since that's the case, you can use a hostname that resolves to multiple IP addresses.&nbsp;
&nbsp;Better yet, you could use a service (like GTM) that hands out only one known good address with a short TTL, and minimize local visibility of failure.&nbsp;
&nbsp;HTH
&nbsp;/deb

ken_67036 · Answer

Thanks Deb,
&nbsp;I have entered multiple host IP's using the GUI putting spaces between the IP address entries and it seems to work. We will be looking at a GTM down the road but for now I just needed some redundancy for AD authentication when a server is taken down for maintenance or if there is a failure.&nbsp;
&nbsp;Thanks again!
&nbsp;Regards,
&nbsp;Kim

Forum Discussion

multiple hosts entries for AD authentication

Recent Discussions

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

VLAN Failsafe Functionality

Related Content

Multiple AD Authentication

Modifying multiple entries in a datagroup via api?

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

APM Cookbook: Multiple Domain Authentication - Part 1

Doing mTLS Authentication per URL

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS