2 Replies Latest reply on Sep 16, 2015 7:04 AM by Bill Robinson

    domain authentication with multiple AD servers

    Olivier Renault

      Hi,

       

      I am happy to share with you an undocumented feature of this wonderful BladeLogic: the ability to manage multiple Active Directory servers for high availability of domain authentication with AES256 encryption.

      Everything is in the blappserv_krb5.conf file, following the MIT documentation on Kerberos authentication: krb5.conf — MIT Kerberos Documentation


      Here is an example of the content of the config file with 3 AD servers:


      [libdefaults]
         ticket_lifetime = 6000
         default_realm = AD.EXAMPLE.FR
         default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac
         default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac

      [realms]
         AD.EXAMPLE.FR = {
           kdc = AD1.fr.example:88
           kdc = AD2.fr.example:88
           kdc = AD3.fr.example:88
        }

      [domain_realm]
         .AD.EXAMPLE.FR = AD.EXAMPLE.FR
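
An added example, not part of the original post or of BladeLogic: a small Python check over the configuration above that confirms the default realm lists more than one KDC and reports legacy encryption types still permitted next to AES256. The function names, the `WEAK` list and the two-KDC threshold are assumptions of this example.

```python
import re

# Constructed sample: the configuration from the post above.
SAMPLE = """\
[libdefaults]
   ticket_lifetime = 6000
   default_realm = AD.EXAMPLE.FR
   default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac
   default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac
[realms]
   AD.EXAMPLE.FR = {
     kdc = AD1.fr.example:88
     kdc = AD2.fr.example:88
     kdc = AD3.fr.example:88
  }
[domain_realm]
   .AD.EXAMPLE.FR = AD.EXAMPLE.FR
"""

WEAK = {"rc4-hmac", "arcfour-hmac", "des-cbc-crc", "des-cbc-md5", "des3-cbc-sha1"}  # assumed deny list

def parse(text):
    """Return ([libdefaults] as a dict, {realm: [kdc, ...]}) from krb5.conf text."""
    conf, kdcs, section, realm = {}, {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if m := re.fullmatch(r"\[(\w+)\]", line):
            section = m.group(1)
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if section == "libdefaults":
                conf[key] = value
            elif section == "realms" and value == "{":
                realm = key  # start of a realm block; kdc lines that follow belong to it
            elif section == "realms" and key == "kdc":
                kdcs.setdefault(realm, []).append(value)
    return conf, kdcs

def audit(text, min_kdcs=2):
    """List findings: default realm without KDC redundancy, weak enctypes still allowed."""
    conf, kdcs = parse(text)
    realm = conf.get("default_realm")
    findings = []
    if len(kdcs.get(realm, [])) < min_kdcs:
        findings.append(f"{realm}: fewer than {min_kdcs} kdc entries")
    for key in ("default_tkt_enctypes", "default_tgs_enctypes"):
        findings += [f"{key}: weak enctype {e}" for e in conf.get(key, "").lower().split() if e in WEAK]
    return findings
```

Run against the posted file, `audit` returns one finding per enctype line for `rc4-hmac` and none for KDC redundancy.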