Is it required to specify the name of the domain controller in the krb5.ini file for AD authentication

book

Article ID: 160015

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

Is it required to specify the name of the domain controller in the krb5.ini file for AD authentication if DNS is configured as round robin for domain authentication.

Product version:: DLP v11.0

Resolution

Even though DNS round robin for domain authentication is used, for AD authentication for DLP, the name of each domain controller (KDC) is required in the krb5.ini file. This is because for AD authentication Kerberos is used and it requires KDC as part of its lookup authentication.

For more details, please see the Admin Guide for setting up Active Directory authentication:

"Replace the sample kdc values with the hostnames or IP addresses of your Active Directory servers."