Help Center> Cloud Bastion Host> User Guide> User> Remote Authentication Management> Configuring Remote AD Authentication
View PDF

Configuring Remote AD Authentication

CBH interconnects with the AD server to authenticate user logins. You can configure authentication mode or synchronization mode for the AD domain service.
  • Auth Mode

    If this mode is selected, CBH does not synchronize user information from the AD domain server. The administrator needs to manually create users of the CBH system. When a user logs in to a CBH system, the user identify is authenticated by the AD domain server.

  • Sync Mode

    If this mode is selected, CBH synchronizes user information from the AD domain server. Therefore, the administrator does not need to create users of the CBH system. When a user logs in to a CBH system, the user identify is authenticated by the AD domain server. For details, see Synchronizing AD Domain Users.

This topic describes how to configure the AD authentication mode.

Prerequisites

  • You have the management permissions for the System module.
  • You have obtained the information about the AD domain server.

Procedure

  1. Log in to the CBH system.
  2. Choose System > Sysconfig > Authenticate.

    Figure 1 Configuring remote authentication

  3. Click Add in the AD Settings area.
  4. Select Sync Mode for Mode.

    Figure 2 Configuring AD authentication mode
    Table 1 AD authentication parameters

    Parameter

    Description

    Address

    Specifies the IP address of the AD domain server.

    Status

    Specifies whether to enable remote AD authentication. Remote AD authentication is enabled by default.

    • : AD domain authentication is enabled. If the configuration information is valid, AD domain authentication is enabled or AD domain users are synchronized to the CBH system when the user logs in to the CBH system.
    • : AD authentication is disabled.

    SSL

    Specifies whether to enable SSL encryption. SSL encryption is disabled by default.

    • : SSL encryption is disabled.
    • : SSL encryption is enabled. After SSL encryption is enabled, data transmitted by synchronized users or authenticated users are encrypted.

    Mode

    Specifies the working mode of AD domain. Select Auth Mode.

    Port

    Specifies the access port of the remote server of AD domain. The default port number is 389.

    Domain

    Specifies the domain of the AD service.

  5. Click OK. You can then view AD authentication configurations in the AD server list.

    Figure 3 AD domain authentication

Follow-up Operations

  • To view details of the configured AD authentication, click Details in the Operation column.
  • To modify or disable AD authentication, or change the authentication mode, click Edit in the Operation column and reconfigure the AD authentication in the displayed dialog box.
  • If the AD authentication is no longer required, click Delete in the Operation column to delete it. Deleted authentication information cannot be recovered. Exercise caution when performing this operation.