
ad-server authentication

Function

The ad-server authentication command configures an AD server.

The undo ad-server authentication command deletes the configured AD server.

By default, no AD server is configured.

Format

ad-server authentication ip-address [ port ] [ secondary | third ] [ ldap-over-ssl | no-ssl ]

ad-server authentication server-url url [ port ] [ ldap-over-ssl | no-ssl ]

undo ad-server authentication [ secondary | third | server-url ]

Parameters

| Parameter | Description | Value |
|---|---|---|
| ip-address | Specifies the IP address of an AD server. | The value is in dotted decimal notation. |
| port | Specifies the Kerberos authentication port number of an AD server. | The value is an integer in the range from 1 to 65535. The default value is 88. The port number configured using this command must be the same as that configured on the AD server. |
| secondary | Specifies the secondary AD server. | - |
| third | Specifies the tertiary AD server. | - |
| server-url url | Specifies the URL of an AD server. | The value is a string of 1 to 127 characters. It must contain a dot (.), for example, abc.com. |
| ldap-over-ssl | When the device and AD server use LDAP over SSL for LDAP authentication, you need to specify this parameter. The device then uses a CA certificate to check the validity of the AD server. NOTE: This parameter is specified by default. | - |
| no-ssl | Disables SSL encryption. | - |

Views

AD server template view

Default Level

3: Management level

Usage Guidelines

Ensure that a DNS server has been configured before you configure an AD server using a URL. The first three IP addresses that the device resolves from the domain name are assigned to the primary, secondary, and tertiary servers respectively.

During AD authentication, the device and the AD server interact using LDAP. LDAP data is not encrypted during transmission. For security purposes, you can use LDAP over SSL for encrypted transmission. In this case, you need to import the CA certificate corresponding to the AD server certificate into the device so that the device can authenticate the AD server.

If you run the ad-server authentication command multiple times, only the latest configuration takes effect.

If a user attempts to connect to the AD server for authentication while the server configurations are being modified, the system will display an operation failure message.
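The following audit script is an added example, not part of the original command reference or any Huawei tool. It parses the documented command formats from a saved configuration, applies the documented defaults (port 88, ldap-over-ssl), and reports servers whose effective setting is no-ssl. Assumptions: the saved-configuration layout (a template line followed by its commands), the "latest configuration takes effect" rule being applied per server slot, optional keywords being accepted in any order, and all function names, which are hypothetical.

```python
import ipaddress
import re

# Constructed sample of a saved configuration (not taken from a real device).
SAMPLE_CONFIG = """\
ad-server template temp1
 ad-server authentication 10.1.1.1 88
 ad-server authentication 10.1.1.2 secondary no-ssl
ad-server template temp2
 ad-server authentication server-url abc.com 1088 no-ssl
 ad-server authentication server-url abc.com ldap-over-ssl
"""

def parse_args(args):
    """Parse the tokens that follow 'ad-server authentication'."""
    entry = {"slot": "primary", "port": 88, "ssl": True}  # documented defaults
    if args[0] == "server-url" and len(args) > 1:
        entry["slot"], entry["server"], rest = "server-url", args[1], args[2:]
        if not (1 <= len(args[1]) <= 127 and "." in args[1]):
            raise ValueError(f"invalid server URL: {args[1]!r}")
    else:
        ipaddress.IPv4Address(args[0])  # dotted decimal; raises ValueError if not
        entry["server"], rest = args[0], args[1:]
    for tok in rest:
        if tok.isdigit() and 1 <= int(tok) <= 65535:
            entry["port"] = int(tok)
        elif tok in ("secondary", "third") and entry["slot"] == "primary":
            entry["slot"] = tok
        elif tok in ("ldap-over-ssl", "no-ssl"):
            entry["ssl"] = tok == "ldap-over-ssl"
        else:
            raise ValueError(f"unexpected token: {tok!r}")
    return entry

def effective_servers(config):
    """Map (template, slot) to its entry; a later line for a slot replaces an earlier one."""
    servers, template = {}, None
    for line in map(str.strip, config.splitlines()):
        m = re.fullmatch(r"ad-server template (\S+)", line)
        if m:
            template = m.group(1)
        elif template and line.startswith("ad-server authentication "):
            entry = parse_args(line.split()[2:])
            servers[(template, entry["slot"])] = entry
    return servers

def unencrypted(config):
    """Return the (template, slot) pairs whose effective setting is no-ssl."""
    return sorted(k for k, e in effective_servers(config).items() if not e["ssl"])
```

For the constructed sample, `unencrypted(SAMPLE_CONFIG)` flags only the secondary server of temp1, because the later server-url line in temp2 replaces the earlier no-ssl one.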

Example

# Set the IP address of an AD server to 10.1.1.1 and Kerberos authentication port number to 88.

<sysname> system-view
[sysname] ad-server template temp1
[sysname-ad-temp1] ad-server authentication 10.1.1.1 88
Copyright © Huawei Technologies Co., Ltd.