Forum Discussion
Lucas_Thompson_
Apr 14, 2016Historic F5 Account
This is more of a Microsoft AD structure question that you should address to a Microsoft trained network architect, or Microsoft.
APM can authenticate using RADIUS, Kerberos (AD), LDAP, or HTTP (among others). So if you can expose any of those interfaces toward APM by using some DC-DC trust relationship setup, it will work.
- Haara_212103Apr 25, 2016NimbostratusWell I don't really think so, the issue lies within the APM and how it treats weight and priority in the DNS records or really how it doesn't treat it since changing the values doesn't have any effect on which domain controller it tries to use. And also when the APM does the DNS lookup for the ldap and kerberos services it gets a list of multiple domain controllers but if the one it tries to use times out it won't go to another is there any reason for this behaviour?
- Lucas_Thompson_Apr 27, 2016Historic F5 AccountAbsolutely correct. APM does not pay attention to these factors. There is an existing enhancement request for APM's authentication-DNS client to pay attention to "Sites and Services" information for geo-weighting and similar use cases. It's F5 RFE 495587. Few customers have expressed interest in this feature though, but feel free to open a support ticket or speak with your sales rep. Here's a Microsoft article that describes it: https://technet.microsoft.com/en-us/library/cc754697.aspx