Updated on 2024-09-30 GMT+08:00

Configuring Remote AD Authentication

You can interconnect your bastion host with an AD server to authenticate user logins. The AD domain service can work in authentication mode or synchronization mode.
  • Auth Mode

    If this mode is selected, your bastion host does not synchronize user information from the AD domain server. You need to log in to the bastion host as the administrator and create system users manually. When a user logs in to your bastion host, the user's identity is authenticated by the AD domain server.

  • Sync Mode

    If this mode is selected, your bastion host synchronizes user information from the AD domain server, so you do not need to create system users separately. When a user logs in to your bastion host, the user's identity is authenticated by the AD domain server. For details, see Synchronizing AD Domain Users.

This topic describes how to configure the AD authentication mode.

Prerequisites

  • You have the management permissions for the System module.
  • You have obtained the information about the AD domain server.

Procedure

  1. Log in to your bastion host.
  2. Choose System > Sysconfig > Authenticate.

    Figure 1 Configuring remote authentication

  3. Click Add in the AD Settings area.
  4. Select Auth for Auth Mode and configure the other parameters as described in Table 1.

    Figure 2 AD Settings
    Table 1 AD authentication parameters

    Parameter: Description

    Server
      Specifies the IP address of the AD domain server.

    Status
      Specifies the status of remote AD authentication (default: ).
      • : AD domain authentication is enabled. If the configuration is valid, users are authenticated against the AD domain (or, in Sync Mode, AD domain users are synchronized to the bastion host) when a user logs in.
      • : AD authentication is disabled.

    SSL
      Specifies the status of SSL encryption (default: ).
      • : SSL encryption is disabled. Data exchanged with the AD domain server, including user credentials during authentication, is transmitted unencrypted.
      • : SSL encryption is enabled. After SSL encryption is enabled, data transmitted for synchronized or authenticated users is encrypted.

    Mode
      Specifies the working mode of the AD domain service. Select Auth Mode.

    Port
      Specifies the port on which the AD domain server accepts connections. The default port number is 389.

    Domain
      Specifies the domain of the AD service.

  5. Click OK. You can then view AD authentication configurations in the AD server list.
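As an added preflight example (not part of the bastion host product or its documentation), the following Python script checks the Table 1 parameters before you save them: it validates the Server, Port, Domain and Mode values, flags a disabled SSL setting as a risk, and optionally confirms that the AD domain server accepts a TCP connection (with a certificate-verified TLS handshake when SSL is enabled). The function names and the sample values are assumptions.

```python
"""Preflight check for the AD Settings parameters (Server, SSL, Mode, Port,
Domain) of a bastion host. Added example; not the product's own code."""
import ipaddress
import re
import socket
import ssl

# Fully qualified DNS name: at least two labels, no leading/trailing hyphens.
DOMAIN_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))+$")


def validate_ad_settings(server, domain, port=389, use_ssl=False, mode="Auth"):
    """Return a list of problems with the parameters; [] means they are usable.
    Entries prefixed 'WARN' do not block saving but flag a security risk."""
    problems = []
    try:
        ipaddress.ip_address(server)  # Table 1: Server is an IP address
    except ValueError:
        problems.append(f"Server must be an IP address, got {server!r}")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        problems.append(f"Port must be 1-65535, got {port!r}")
    if not DOMAIN_RE.match(domain):
        problems.append(f"Domain is not a valid DNS name: {domain!r}")
    if mode not in ("Auth", "Sync"):
        problems.append(f"Mode must be Auth or Sync, got {mode!r}")
    if not use_ssl:
        # Without SSL, the bind that authenticates a user crosses the network
        # in clear text; the check reports it rather than silently accepting it.
        problems.append("WARN: SSL disabled; user credentials are sent to "
                        "the AD domain server in clear text")
    return problems


def check_ad_reachable(server, port=389, use_ssl=False, timeout=5.0):
    """Open a TCP connection to the AD domain server and, when SSL is enabled,
    complete a TLS handshake that verifies the server certificate.
    Returns (ok, detail)."""
    try:
        with socket.create_connection((server, port), timeout=timeout) as sock:
            if not use_ssl:
                return True, f"TCP connection to {server}:{port} succeeded"
            ctx = ssl.create_default_context()  # verifies cert and hostname
            with ctx.wrap_socket(sock, server_hostname=server) as tls:
                return True, f"{tls.version()} established with {server}:{port}"
    except (OSError, ssl.SSLError) as exc:
        return False, f"{server}:{port} unreachable or TLS failed: {exc}"
```

Run `validate_ad_settings` on the values you intend to enter and resolve every non-WARN entry before clicking OK; `check_ad_reachable` needs network access to the AD domain server.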

Follow-up Operations

  • To view details of the configured AD authentication, click Details in the Operation column.
  • To modify or disable AD authentication, or change the authentication mode, click Edit in the Operation column and reconfigure the AD authentication in the displayed dialog box.
  • If the AD authentication is no longer required, click Delete in the Operation column to delete it. Deleted authentication information cannot be recovered. Exercise caution when performing this operation.