Security

Active Directory/LDAP authentication failure with Hunk: Can Hunk be set to repeatedly retry AD connections until it finds a responsive AD server?

Splunk Employee
Splunk Employee

Currently for Hunk with Kerberos, the vix.java.security.krb5.kdc and vix.java.security.krb5.realm we are specifying the Domain (A.B.INTERNAL)
 
vix.java.security.krb5.kdc = A.B.INTERNAL
vix.java.security.krb5.realm = A.B.INTERNAL
 
An nslookup on this returns the IP addresses for 10 servers. Apparently the Active Directory servers are a volatile group, which is added/subtracted to/from and therefore we may not always have them in our firewall rules.
 
In some cases the DNS lookup is returning AD servers we cannot access.
 
Can Hunk be set to repeatedly re-try AD connections until it finds a responsive AD server?

1 Solution

Splunk Employee
Splunk Employee

The following workaround enabled us to do AD in HA mode:

Use : between AD servers

vix.java.security.krb5.kdc = kdc0.ox.ac.uk:kdc1.ox.ac.uk:kdc2.ox.ac.uk
vix.java.security.krb5.realm = A.B.INTERNAL

View solution in original post

Splunk Employee
Splunk Employee

The following workaround enabled us to do AD in HA mode:

Use : between AD servers

vix.java.security.krb5.kdc = kdc0.ox.ac.uk:kdc1.ox.ac.uk:kdc2.ox.ac.uk
vix.java.security.krb5.realm = A.B.INTERNAL

View solution in original post