Adconf
From Wiki of WFilter NG Firewall
(Difference between revisions)
Line 14: | Line 14: | ||
== Settings == | == Settings == | ||
− | + | * Domain Controller: Domain Controller ip address. | |
− | * | + | * Port: port of your DC, 389 in default. |
− | + | * Domain Admin: domain admin user(The admin user shall belong to the "Domain Admins" group.) | |
− | * Admin | + | * Domain Name: domain dns name. |
− | [[File:Faq_en_adconf001.png| | + | * DC Location: where is your DC located? |
+ | * Script Key: communication key for the adclient logon/logoff script. | ||
+ | * Advanced Settings: | ||
+ | ** Interval of polling domain controller, 10 seconds in default. | ||
+ | ** User entry timeout, user will expire upon timeout. | ||
+ | ** Sync domain users, automatically retrieve users from domain controller. | ||
+ | |||
+ | [[File:Faq_en_adconf001.png|900px]] | ||
[[File:Faq_en_adconf002.png|650px]] | [[File:Faq_en_adconf002.png|650px]] |
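Review bot: the added "Port" and "Domain Admin" bullets together document a default of 389, the plaintext LDAP port, for a connection that is configured with an account from the "Domain Admins" group, and the text does not say how that bind is protected. Suggest stating whether an encrypted connection (for example LDAPS) can be configured and whether a less-privileged account is enough for polling and user sync. Also, the "User entry timeout" bullet gives no default while the polling interval bullet does; the Notice section lower on the page says 30 hours, so the bullet could carry that value too.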
Revision as of 19:29, 31 December 2017
1 AD Integration
"AD Integration" enables you to integrate WFilter NG Firewall with Microsoft Active Directory, so you can:
- Detect the AD username of online devices.
- Set internet access and bandwidth shaper policies based on AD users.
- Record AD users' internet activity.
For example:
- The real-time bandwidth will show the AD username:
- Choose applied-to users (AD OU & users):
2 Settings
- Domain Controller: IP address of the domain controller.
- Port: port of your DC, 389 by default.
- Domain Admin: domain admin user (the admin user shall belong to the "Domain Admins" group).
- Domain Name: DNS name of the domain.
- DC Location: where your DC is located.
- Script Key: communication key for the adclient logon/logoff script.
- Advanced Settings:
  - Interval of polling the domain controller, 10 seconds by default.
  - User entry timeout: a user entry expires upon timeout.
  - Sync domain users: automatically retrieve users from the domain controller.
- Notice:
  - WFilter NG Firewall uses a different mechanism to retrieve logged-on domain users depending on whether the DC is in the external or internal network.
  - When "automatically sync domain users" is enabled, new or deleted domain users will be synced to WFilter.
  - WFilter detects a domain user when the user logs in to Active Directory, so you might need to wait some time to see logged-on users.
  - The default user entry timeout is 30 hours. If no re-logon happens within 30 hours of the last logon, the username will time out.
  - Some programs on the client device will automatically log on to the domain with a different AD user. In this case, you can add this user to the "Exception List".