APM Active Directory Change Password

Question

Hi,&nbsp;
I have an APM 11.6.0 policy configured to authenticate against Active Directory (working fine) using a 2012 R2 domain controller.  I try to enable the password_change checkbox in the logon page settings (works fine, box shows up, can enter credentials and password to change) but the password change fails.&nbsp;
I did a packet capture and it looks like Kerberos is failing with this error:&nbsp;
KRB_ERROR_RESPONSE_TOO_BIG&nbsp;
I have Kerberos pre-auth set to AES256.  Looks like kerberos is using UDP.  I tried creating a new user for kerberos to authenticate that was only apart of Domain Admins (there was an article here)&nbsp;
I had set this up previously in a different lab on 11.5.x and it was working fine (think that was a 2012 non R2 domain controller however)&nbsp;
Any help appreciated!  If it makes any difference, it is an AWS F5 AMI.&nbsp;

jonathan_galent · Answer

On hotfix 4 actually, going to try hotfix 5.  Doubtful it will fix.

seth_cooper · Answer

The UDP failure is standard, it will then use TCP if we get the UDP failure.  Do you see anything after the UDP error running on TCP?  Do you have an admin user created in the AAA with sufficient privileges to change passwords?&nbsp;
Seth&nbsp;

Forum Discussion

APM Active Directory Change Password

2 Replies

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

Azure Active Directory and BIG-IP APM Integration

Automate scp transfers using password

Password Safety & Security: Passwords vs. Passphrases

Complete MFA solution with GA stored in Active Directory

Remote User Authentication (e.g. F5 admins) using Azure Active Directory