Forum Discussion
hooleylist
Feb 17, 2011Cirrostratus
I don't know enough about the Microsoft options to give a specific recommendation, but I believe they have a few solutions for load balancing TS servers. If they do and they're not too expensive, I'd guess it would be a simpler solution.
Assuming the "ADD CLIENT AUTHENTICATION" license token is in the active modules section (as opposed to the optional odules section) it looks like you do have ACA licensed. So you can make LDAP calls from an iRule. But it's not a simple implementation. Take a look at the _sys_auth_ldap iRule for an example. That's for HTTP, but I think you could adapt the logic to parse TCP data and do an auth lookup via LDAP to an AD virtual server (or server).
Edit: Actually, after looking at the AUTH::response_data wiki page, I'm not sure you can do anything but an LDAP request with a username and password sent and an auth status returned. So ACA might not be an option at all...
Aaron