The access-domain command configures a default or forcible domain in an authentication profile for users.
The undo access-domain command deletes a configured default or forcible domain in an authentication profile.
By default, no default or forcible domain is configured in an authentication profile.
Parameter |
Description |
Value |
|---|---|---|
domain-name |
Specifies the domain name. |
The value must be the name of an existing domain. |
| force | Specifies the configured domain as a forcible domain. If this parameter is not specified, the configured domain is a default domain. |
- |
Usage Scenario
The device manages users in domains. For example, AAA schemes and authorization information are bound to domains. During user authentication, the device assigns users to specified domains based on the domain names contained in user names. However, user names entered by many users on actual networks do not contain domain names. In this case, you can configure a default domain in an authentication profile. If users using this profile enter user names that do not contain domain names, the device manages the users in the default domain.
On actual networks, user names entered by some users contain domain names and those entered by other users do not. The device uses different domains to manage the users. Because authentication, authorization and accounting (AAA) information in the domains are different, users use different AAA information. To ensure that users using the same authentication profile use the same AAA information, you can configure a forcible domain in the authentication profile for the users. The device then manages the users in the forcible domain regardless of whether entered user names contain domain names or not.
Prerequisites
A domain has been configured using the domain command in the AAA view.
# Configure the forcible domain huawei in the authentication profile p1.
<sysname> system-view [sysname] aaa [sysname-aaa] domain huawei [sysname-aaa-domain-huawei] quit [sysname-aaa] quit [sysname] authentication-profile name p1 [sysname-authentication-profile-p1] access-domain huawei force