Forum Discussion

rjordan's avatar
rjordan
Icon for Nimbostratus rankNimbostratus
Dec 23, 2011

changing management network on LTMs broke external user AD auth

We had to change our management interface on our HA LTMs so we could actually load balance to something in the same network as the existing management interfaces. It was on our "inside" network (192.168.1.0/24), so we planned to configure the mgmt interfaces to our new "management" network (192.168.2.0/24). After I made the changes remote authentication to our AD servers worked for a period of time (at least 3 hours). Sometime between that and 24 hours later remote auth stopped working. Here is an outline of what was done:

 

 

Changed mgmt interface from 192.168.1.100 to 192.168.2.100. (similar done on standby unit)

 

Changed mgmt gateway from 192.168.1.1 to 192.168.2.1.

 

Changed the network failover addresses to reflect the new IPs.

 

 

At this point, I was unable to authenticate using my AD credentials.

 

 

Added VLAN for inside network

 

Added self IPs for inside network

 

Added floating IP for inside network

 

 

At this point, I was able to authenticate using my AD credentials for a little bit.

 

 

Since the mgmt int is now on a different network than the AD servers, should it try to connect to the AD servers using its gateway? Or will it connect from the newly created VLAN that is on the same network as the AD servers?

 

 

2 Replies

  • Since the mgmt int is now on a different network than the AD servers, should it try to connect to the AD servers using its gateway? Or will it connect from the newly created VLAN that is on the same network as the AD servers?i think it uses the new vlan since it is connected subnet.
  • I'm not sure exactly what happened but it started working again without any changes that I'm aware of. As far as I can tell, the LDAP authentication goes out the VLAN instead of using the management default gateway.

     

    Thanks.