Multiple LDAP servers in Kerberos keytabs and agentless NTLM domain controllers
Multiple LDAP servers can be configured in Kerberos keytabs and agentless NTLM domain controllers for multi-forest deployments.
To use multiple LDAP servers in Kerberos keytabs and agentless NTLM domain controllers:
- Add multiple LDAP servers:

    config user ldap
        edit "ldap-kerberos"
            set server "172.16.200.98"
            set cnid "cn"
            set dn "dc=fortinetqa,dc=local"
            set type regular
            set username "CN=root,CN=Users,DC=fortinetqa,DC=local"
            set password xxxxxxxxx
        next
        edit "ldap-two"
            set server "172.16.106.128"
            set cnid "cn"
            set dn "OU=Testing,DC=ad864r2,DC=com"
            set type regular
            set username "cn=Testadmin,cn=users,dc=AD864R2,dc=com"
            set password xxxxxxxxx
        next
    end

- Configure a Kerberos keytab entry that uses both LDAP servers:

    config user krb-keytab
        edit "http_service"
            set pac-data disable
            set principal "HTTP/FGT.FORTINETQA.LOCAL@FORTINETQA.LOCAL"
            set ldap-server "ldap-kerberos" "ldap-two"
            set keytab xxxxxxxxx
        next
    end

- Configure a domain controller that uses both LDAP servers:

    config user domain-controller
        edit "dc1"
            set ip-address 172.16.200.98
            set ldap-server "ldap-two" "ldap-kerberos"
        next
    end
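The keytab and domain-controller entries refer to the LDAP servers by name, so a typo or a deleted `config user ldap` entry leaves a dangling reference. As an added example, not part of the Fortinet documentation, the following Python parses FortiOS-style CLI text and reports every `ldap-server` reference in a `user krb-keytab` or `user domain-controller` entry that has no matching LDAP definition. The sample configuration is constructed (one reference is deliberately missing) and the parser assumes flat tables with no nested sub-tables, which is all the configuration above uses.

```python
import shlex

# Constructed sample in the same shape as the page's three blocks; the
# domain controller references "ldap-missing", which is not defined.
SAMPLE = """
config user ldap
    edit "ldap-kerberos"
        set server "172.16.200.98"
    next
    edit "ldap-two"
        set server "172.16.106.128"
    next
end
config user krb-keytab
    edit "http_service"
        set principal "HTTP/FGT.FORTINETQA.LOCAL@FORTINETQA.LOCAL"
        set ldap-server "ldap-kerberos" "ldap-two"
    next
end
config user domain-controller
    edit "dc1"
        set ip-address 172.16.200.98
        set ldap-server "ldap-two" "ldap-missing"
    next
end
"""

def parse_config(text):
    """Return {table: {entry: {attribute: [values]}}} for flat config tables."""
    tables, table, entry = {}, None, None
    # shlex keeps quoted values such as "dc=fortinetqa,dc=local" intact.
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "config" and table is None:
            table = " ".join(tok[1:]); tables.setdefault(table, {})
        elif tok[0] == "edit" and table is not None:
            entry = tok[1]; tables[table].setdefault(entry, {})
        elif tok[0] == "set" and entry is not None:
            tables[table][entry][tok[1]] = tok[2:]      # multi-value sets kept as list
        elif tok[0] == "next":
            entry = None
        elif tok[0] == "end":
            table = None
    return tables

def dangling_ldap_refs(tables):
    """List (table, entry, name) for ldap-server references without a definition."""
    defined = set(tables.get("user ldap", {}))
    missing = []
    for table in ("user krb-keytab", "user domain-controller"):
        for entry, attrs in tables.get(table, {}).items():
            for name in attrs.get("ldap-server", []):
                if name not in defined:
                    missing.append((table, entry, name))
    return missing
```

Running the check before committing a multi-forest change catches a mistyped server name that would otherwise only surface as failed Kerberos or NTLM authentications.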