Help Center> Cloud Bastion Host> User Guide> User> Remote Authentication Management> Configuring Remote AD Authentication
Updated on 2024-06-28 GMT+08:00
View PDF

Configuring Remote AD Authentication

CBH interconnects with the AD server to authenticate user logins. You can configure authentication mode or synchronization mode for the AD domain service.
  • Auth Mode

    If this mode is selected, CBH does not synchronize user information from the AD domain server. The administrator needs to manually create users of the CBH system. When a user logs in to a CBH system, the user identify is authenticated by the AD domain server.

  • Sync Mode

    If this mode is selected, CBH synchronizes user information from the AD domain server. Therefore, the administrator does not need to create users of the CBH system. When a user logs in to a CBH system, the user identify is authenticated by the AD domain server. For details, see Synchronizing AD Domain Users.

This topic describes how to configure the AD authentication mode.

Prerequisites

  • You have the management permissions for the System module.
  • You have obtained the information about the AD domain server.

Procedure

  1. Log in to the CBH system.
  2. Choose System > Sysconfig > Authenticate.

    Figure 1 Configuring remote authentication

  3. Click Add in the AD Settings area.
  4. Select Auth for Auth Mode and configure other parameters as shown in Table 1.

    Figure 2 AD Settings
    Table 1 AD authentication parameters

    Parameter

    Description

    Server

    Specifies the IP address of the AD domain server.

    Status

    Specifies the status of remote AD authentication (default: ).

    • : AD domain authentication is enabled. If the configuration information is valid, AD domain authentication is enabled or AD domain users are synchronized to the CBH system when the user logs in to the CBH system.
    • : AD authentication is disabled.

    SSL

    Specifies the status of SSL encryption (default: ).

    • : SSL encryption is disabled.
    • : SSL encryption is enabled. After SSL encryption is enabled, data transmitted by synchronized users or authenticated users is encrypted.

    Mode

    Specifies the working mode of AD domain. Select Auth Mode.

    Port

    Specifies the access port of the remote server of AD domain. The default port number is 389.

    Domain

    Specifies the domain of the AD service.

  5. Click OK. You can then view AD authentication configurations in the AD server list.

Follow-up Operations

  • To view details of the configured AD authentication, click Details in the Operation column.
  • To modify or disable AD authentication, or change the authentication mode, click Edit in the Operation column and reconfigure the AD authentication in the displayed dialog box.
  • If the AD authentication is no longer required, click Delete in the Operation column to delete it. Deleted authentication information cannot be recovered. Exercise caution when performing this operation.