Re: Hardware Load Balance of Kerberos


I've done it with LDAP (ADAM). Just set up your virtual server in the CSM for
port 389 and set it up to do TCP connects on 389 and ICMP pings as
keepalives - if either of those fails, the real-server will drop out of the
VIP in the CSM.

--
Thanks,
Brian Desmond
Windows Server MVP - Directory Services

www.briandesmond.com


"Geoff" <nigeltufnel123@xxxxxxxxx> wrote in message
news:O7UB8S3pGHA.516@xxxxxxxxxxxxxxxxxxxxxxx
Joe,

In MOST cases you are correct... BUT... in some cases you are not. In the
case of LDAP, take a poorly written app that requires an IP address entered
for the LDAP host... or in the Kerberos case, a device that depends on a
krb5.conf file... now I know that I could add additional kdc entries to
the krb5.conf file, but I don't care to manage that on a large number of
devices. So, do you have any information that would address this scenario,
or a constructive reply to my original question?

Thanks!!

Geoff



Joe Richards [MVP] wrote:
You shouldn't have to for LDAP nor Kerberos, there is load balancing and
redirection built into the product.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm

============================================================================
Do not read this worthless blog entry on
Defending Security Infrastructures
http://blog.joeware.net/2006/07/11/445/
I'm serious, you will learn absolutely nothing about
Defending Security Infrastructures.
============================================================================
Geoff wrote:
Hello everyone

Has anyone here used a Hardware Load Balancer device such as Cisco
Arrowpoint to load balance AD Kerberos? We currently do it for AD DNS
and AD LDAP, and I'm investigating doing it for Kerberos as well.

Thanks,

Geoff

