< Home

mode (AD SSO view)

Function

The mode command sets the AD SSO working mode, which determines how the FW obtains user authentication results.

Format

mode { no-plug-in | plug-in }

Parameters

Parameter Description Value
no-plug-in

Indicates the AD SSO working in monitoring AD authentication packets mode. In this mode, the FW listens to authentication packets to obtain user login information.

NOTE:

In this mode, the FW cannot obtain user logout messages. Users go offline only when their connections time out.

-
plug-in

Indicates the AD SSO working in installing the AD SSO service program mode. In this mode, the AD SSO service program must be installed on the AD server (AD domain controller) or an independent AD monitor.

The AD SSO service program works in two modes:

  • Receiving PC messages: The AD SSO service program receives login/logout messages from users and sends the messages to the FW.
  • Querying AD server security logs: The AD SSO service program queries security logs of the AD server to obtain user login messages and sends the messages to the FW.

-

Views

AD SSO view

Default Level

2: Configuration level

Usage Guidelines

Installing the AD SSO service program mode is used by default.

Example

# Set the AD SSO mode to monitoring AD authentication packets.

<sysname> system-view
[sysname] user-manage single-sign-on ad
[sysname-sso-ad] mode no-plug-in
Parent Topic: User and Authentication Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >