Forum Discussion
Would I need to do this on the LTM or should I be getting the group who look after the Domain Controller to run these commands within AD?
Joining a domain To use Kerberos authentication, you need the client joined and connected to a domain and you need a keytab file. 1.Create a surrogate user in the domain. In this example, the hostname of the virtual server on the BIG-IP system is testbed.lab.companynet and the user name is john. setspn -U -A HTTP/testbed.lab.companynet john 2.Map the user account to the service account and generate a keytab file for the service. You can use the ktpass utility to do this. In this example, LAB.COMPANYNET specifies the Kerberos authentication realm. c:>ktpass -princ HTTP/testbed.lab.companynet.com@LAB.COMPANYNET -mapuser john@LAB.COMPANYNET -crypto rc4-hmac-nt -ptype KRB5_NT_SRV_HST -pass password -out c:\temp\john.keytab