Forum Discussion

Nimbostratus

Apr 29, 2016

Create an NTLM machine account for BIG-IP within a route-domain

Hi I have tried all day to join my Big IP system to one of my customers domains. The customer has ActiveSync today and wants OutlookAnywhere with NTLM authentication as well. My cluster run...

application delivery

BIG-IP Access Policy Manager (APM)

JoshBecigneul

MVP

May 11, 2016

We ran into this and for the Kerberos AAA feature at least, we just specify the IP of the KDC in the Kerberos AAA agent, and let the traffic flow out of a RD0 VLAN that has access to the customer environment. We don't break the strict isolation feature in this case.

We enhance this by using a wildcard VIP whose pool members are multiple KDCs in the customer environment. You point the Domain Controller FQDN field to this IP. I haven't tested the NTLM portion, you may need a hosts file entry to represent the internal IP for the VIP.

Forum Discussion

Create an NTLM machine account for BIG-IP within a route-domain

Recent Discussions

how can I find the software version is 32 bit or 64 bit from LTM 15.1.10.4

(How) can I get two client certificates in one APM session?

Open Redirection Mitigation

BIG-IP DNS iRule issue with static variable

Using okta as SSO to login F5 GUI

Related Content

Create a DevCentral account

FQDN nodes in non-default route domains

F5 BIG-IP Access Policy Manager (APM) Machine Tunnels for Windows

Change admin account

DevCentral to Require Multi-Factor Authentication for Account Login from September 26