
AD Authentication with Multiple DCs

If multiple DCs are added by IP under the Authentication > Servers section, how does it work exactly? Will Sophos send all AD authentication requests to only one DC among the list of servers, or does Sophos round-robin or use some other method to randomly select a DC for the authentication? What I'm looking for is some sort of round-robin rotation or load balancing.



  • It depends on the request XG is trying to solve.

    As you will configure a Domain per AD Server, you will give XG the option to filter for the domain. 

     

    Example: 

    DC1: sophos.com

    DC2: test.com

     

    If you log in via User@sophos.com on XG, XG will only use DC1, as it already knows DC1 will be responsible for this domain.

    If you log in via user on XG, XG cannot verify the domain, as the UPN is missing. Hence it will do the following:

    DC1: user@sophos.com DC2: user@test.com - Verify if one DC responds with a bind and use the data.

     

    If you have multiple DCs with the same domain, XG will ask all DCs at the same time and take the first response. ADs should have a Trust to hold the same data, if they cover the same information. The request will be performed on LDAP level (389/636).
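
A small model of the selection behaviour described in the reply above, added here as an example and not Sophos code. The server IPs, delays, accounts and function names are all constructed, and `fake_bind` stands in for a real LDAP bind.

```python
import concurrent.futures as cf
import time

# Constructed sample config: (server IP, AD domain, simulated response delay in seconds).
SERVERS = [
    ("10.0.0.11", "sophos.com", 0.20),
    ("10.0.0.12", "sophos.com", 0.02),
    ("10.0.1.11", "test.com", 0.05),
]

def candidate_binds(login, servers=SERVERS):
    """Return (ip, bind_identity, delay) for every DC the login would be tried against."""
    user, sep, domain = login.partition("@")
    if sep:  # UPN given: only DCs configured for that domain are used
        return [(ip, f"{user}@{d}", t) for ip, d, t in servers
                if d.lower() == domain.lower()]
    # No UPN: the bare name is tried against each configured domain
    return [(ip, f"{user}@{d}", t) for ip, d, t in servers]

def fake_bind(ip, identity, delay, directory):
    """Hypothetical stand-in for an LDAP bind (389/636); succeeds if the identity exists."""
    time.sleep(delay)
    return (ip, identity) if identity.lower() in directory else None

def authenticate(login, directory, servers=SERVERS):
    """Ask all candidate DCs at the same time; return the first successful (ip, identity)."""
    binds = candidate_binds(login, servers)
    if not binds:
        return None
    with cf.ThreadPoolExecutor(max_workers=len(binds)) as pool:
        futures = [pool.submit(fake_bind, ip, ident, t, directory)
                   for ip, ident, t in binds]
        for fut in cf.as_completed(futures):  # yields in completion order
            if fut.result():
                return fut.result()
    return None

if __name__ == "__main__":
    directory = {"alice@sophos.com", "bob@test.com"}  # constructed accounts
    for login in ("alice@sophos.com", "bob", "alice"):
        print(login, "->", authenticate(login, directory))
```

In this model a bare username produces a bind attempt against every configured domain, while a UPN limits the attempts to the DCs of the matching domain, and the fastest responding DC wins rather than a round-robin choice.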
