Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3
Fixed In:
13.1.0
Opened: Jun 30, 2017 Severity: 3-Major
AD Auth/Query may fail when cross-domain option is enabled, and AD Trusted Domains object is configured for the agent.
the agent will fail and take fallback branch
when all of the following is true: - AD Auth/Query is configured to use AD Trusted Domains - cross-domain option is enabled - user belongs to some trusted domains and AAA AD Server for that domain is a member of AD Trusted Domains - the AAA AD Server is configured with EMPTY KDC
for the affected AAA AD Server, please, configure KDC. it can be any acceptable value (IP, FQDN, LTM pool), but not empty
Cross-realm AD Auth/Query now succeeds, even if the AAA AD Server has no KDC configured.