    domain authentication with multiple AD servers

    Olivier Renault



      I am happy to share with you an undocumented feature of this wonderful BladeLogic: the ability to manage multiple Active Directory servers for high availability of domain authentication with AES256 encryption.

      Everything is in the blappserv_krb5.conf file, following the MIT documentation on Kerberos authentication: krb5.conf — MIT Kerberos Documentation

      Here is an example of the content of the config file with 3 AD servers:


         # [libdefaults] / [realms] headers and the closing brace are required by krb5.conf syntax
         [libdefaults]
         # bare number = seconds (100 minutes here)
         ticket_lifetime = 6000
         default_realm = AD.EXAMPLE.FR
         # aes256 is preferred; rc4-hmac after it keeps RC4 as a fallback the KDC may still negotiate
         default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac
         default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac

         [realms]
         AD.EXAMPLE.FR = {
           # KDCs are tried in order; the next one is used when the previous does not answer
           kdc = AD1.fr.example:88
           kdc = AD2.fr.example:88
           kdc = AD3.fr.example:88
         }
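As an added example (not from the post and not BladeLogic's own code), here is a small Python checker that parses a krb5.conf of this shape and verifies the two properties the setup above relies on: at least two kdc entries for the default realm (failover) and no RC4/DES enctypes left in the enctype lists (AES only). The embedded sample config is constructed from the post's values with the [libdefaults]/[realms] headers the format requires; the list of weak enctype names is this example's own choice.

```python
import re

# Constructed sample: the post's values with the [libdefaults]/[realms] headers
# that every MIT krb5.conf needs.
SAMPLE_KRB5_CONF = """\
[libdefaults]
    ticket_lifetime = 6000
    default_realm = AD.EXAMPLE.FR
    default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac
    default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac

[realms]
    AD.EXAMPLE.FR = {
        kdc = AD1.fr.example:88
        kdc = AD2.fr.example:88
        kdc = AD3.fr.example:88
    }
"""

# Enctypes that should not remain once AES is the goal (RC4 and single/triple DES).
# This set is an assumption of the example, not a list taken from the post.
WEAK_ENCTYPES = {
    "rc4-hmac", "arcfour-hmac", "arcfour-hmac-md5", "rc4-hmac-exp",
    "des-cbc-crc", "des-cbc-md5", "des3-cbc-sha1", "des3-hmac-sha1",
}

ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")


def parse_krb5_conf(text):
    """Parse krb5.conf into {section: {key: [values]}}; a `name = {` block
    becomes a nested dict so repeated keys such as kdc accumulate in order."""
    sections = {}
    stack = []                       # innermost dict is stack[-1]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # krb5.conf comment lines
            continue
        m = re.match(r"\[(\w+)\]$", line)
        if m:
            stack = [sections.setdefault(m.group(1), {})]
            continue
        if not stack:
            raise ValueError("directive outside any [section]: %r" % line)
        if line == "}":
            if len(stack) == 1:
                raise ValueError("unmatched '}'")
            stack.pop()
            continue
        m = re.match(r"([^=\s]+)\s*=\s*(.*)$", line)
        if not m:
            raise ValueError("unparseable line: %r" % line)
        key, value = m.group(1), m.group(2).strip()
        if value == "{":
            sub = {}
            stack[-1][key] = sub
            stack.append(sub)
        else:
            stack[-1].setdefault(key, []).append(value)
    if len(stack) > 1:
        raise ValueError("unterminated '{' block")
    return sections


def default_realm_kdcs(conf):
    """Return (default_realm, [kdc entries]) in the order the library will try them."""
    realm = conf["libdefaults"]["default_realm"][0]
    return realm, list(conf.get("realms", {}).get(realm, {}).get("kdc", []))


def check_config(conf):
    """Return findings; an empty list means failover and AES-only are both in place."""
    findings = []
    realm, kdcs = default_realm_kdcs(conf)
    if len(kdcs) < 2:
        findings.append("realm %s lists %d kdc entr%s: no failover"
                        % (realm, len(kdcs), "y" if len(kdcs) == 1 else "ies"))
    for key in ENCTYPE_KEYS:
        for entry in conf["libdefaults"].get(key, []):
            weak = [e for e in entry.split() if e.lower() in WEAK_ENCTYPES]
            if weak:
                findings.append("%s allows weak enctype(s): %s" % (key, " ".join(weak)))
    return findings


if __name__ == "__main__":
    for label, text in (("as posted", SAMPLE_KRB5_CONF),
                        ("AES only", SAMPLE_KRB5_CONF.replace(" rc4-hmac", ""))):
        print(label, check_config(parse_krb5_conf(text)) or ["ok"])
```

Run it against the real blappserv_krb5.conf by reading the file into `parse_krb5_conf`; the "as posted" variant reports the rc4-hmac fallback in both enctype lists, and the variant with rc4-hmac removed reports nothing.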