Authentication Source is LDAP, Password Servers (and joining an AD domain) is to support MS-CHAPv2 credential validation. The two really don't have anything to do with each other.
No.
Backups are used in priority order if the Primary doesn't respond within the timeout.
You would need to use a geo or site based DNS response so that a query for the domain (e.g. "domain.com") will return a local DC.
------------------------------
Carson Hulcher, ACEX#110
------------------------------
Original Message:
Sent: Nov 17, 2020 06:15 PM
From: Melvin Fleiser
Subject: Methods for Active Directory based on geo location of server?
I understand that each CPPM node can have local "password servers" configured for their AD Domain, to ensure that they use the specific ones the admin wants them to use e.g. geographically local.
However I'm not clear on how this relates to setting up an Active Directory Authentication Source. When you create an authentication source you must enter a FQDN of a domain controller which can only exist in 1 geo location. Backup domain controllers are also manually configured here with FQDNs.
- How then does this "static" Authn Source tie in with the configured Password Servers on each CPPM?
- Does the Password Server setting override the Primary Hostname in the Authn Source?
- What happens to the backups?
- If the Password Servers actually have nothing to do with the Authn Source, how can the Authn Source be directed to the desired server in a service policy? I don't want to duplicate every service policy per geo.
------------------------------
vf556-2
------------------------------