Naming Notes – when in AD domain for SSO authentication

1) Use your AD Controller as the only DNS resolver for the ASG; support will tell you not to use request routing. Have your AD Controller forward requests to the upstream DNS servers. It feels backwards, but that’s what MS AD is expecting. Don’t fight it if you want it to work.

2) Set your proxy settings by IP address, not DNS names; that forces it into NTLM mode, which avoids all the Kerberos bugs. There are tons of Kerberos bugs that like to creep in, clock drift being the least annoying.

3) Make sure that the main Astaro FQDN hostname is in your local AD domain. The on-screen instructions say to use a FQDN that is your public one; that is wrong if you want AD SSO. For example, if you want to call your machine “PROXY” and the AD domain is “FOO.LOCAL”, then you should set your Astaro FQDN hostname to “PROXY.FOO.LOCAL” and then join the AD domain as that name. If you haven’t done that, you need to delete your Astaro from the domain, rename it, rejoin it, and then reboot it.
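
A pre-flight check for the three notes above, as an added example (not Astaro's or the author's code). The function name `preflight` and all IP addresses are constructed for illustration; you supply the values as they are configured on your ASG and clients.

```python
import ipaddress

def preflight(asg_fqdn, ad_domain, asg_resolvers, dc_ips, client_proxy):
    """Check the three notes above; return a list of findings (empty = OK)."""
    findings = []

    # Note 1: the AD controller(s) must be the ASG's only DNS resolver(s).
    extra = [r for r in asg_resolvers if r not in dc_ips]
    if not asg_resolvers:
        findings.append("dns: no resolver configured on the ASG")
    elif extra:
        findings.append(f"dns: non-AD resolvers configured: {', '.join(extra)}")

    # Note 2: clients must reach the proxy by IP address, not by DNS name.
    # Strip an optional ":port" suffix (IPv4 / hostname form only).
    host = client_proxy.rsplit(":", 1)[0] if client_proxy.count(":") == 1 else client_proxy
    try:
        ipaddress.ip_address(host)
    except ValueError:
        findings.append(f"proxy: '{host}' is a name, not an IP address")

    # Note 3: the ASG hostname must be a host inside the AD domain.
    fqdn = asg_fqdn.rstrip(".").lower()
    domain = ad_domain.rstrip(".").lower()
    label = fqdn[: -len(domain) - 1] if fqdn.endswith("." + domain) else ""
    if not label:
        findings.append(f"fqdn: '{asg_fqdn}' is not a host in '{ad_domain}'")
    return findings

if __name__ == "__main__":
    # Constructed sample values (documentation IP ranges); names from the note above.
    for finding in preflight(
        asg_fqdn="proxy.example.com",            # public name: wrong for AD SSO
        ad_domain="FOO.LOCAL",
        asg_resolvers=["192.0.2.10", "198.51.100.53"],
        dc_ips=["192.0.2.10"],
        client_proxy="proxy.foo.local:8080",     # DNS name instead of IP
    ):
        print(finding)
```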

