pdp ad

Print

Download PDF

Send Feedback

pdp ad

Description	For AD Query, adds (or removes) an identity to the Identity Awareness database.
Syntax	`pdp ad <`parameter`>`

Parameter	Description
`associate <`option`>`	For AD Query, adds an identity to the Identity Awareness database on the Security Gateway.
`disassociate <`option`>`	For AD Query, removes the identity from the Identity Awareness database on the Security Gateway.

pdp ad associate

Description	For AD Query, adds an identity to the Identity Awareness database on the Security Gateway. The group data must be in the AD.
Syntax	`pdp ad associate ip <`ip`> u <`username`> d <`domain`> [m <`computer`>] [t <`timeout`>] [s]`

Options	Description
`ip <`ip`>`	IP address for the identity.
`u <`username`>`	Username for the identity.
`m <`computer`>`	Computer that is defined for the identity.
`d <`domain`>`	Domain of the ID server.
`t <`timeout`>`	Timeout setting for the AD Query (default is 5 hours).
`s`	Associates `u <`username`>` and `m <`computer`>` parameters sequentially. First, the `<`computer`>` is added to the database and then the `<`username`>`.

pdp ad disassociate

Description	For AD Query, removes the identity from the Identity Awareness database on the Security Gateway. Identity Awareness does not authenticate a user that is removed.
Syntax	`pdp ad disassociate ip <`ip`> {u <`username`>\|m <`computer`>} [r {probed\|override\|timeout}]`

Options	Description
`ip <`ip`>`	IP address for the identity.
`u <`username`>`	Username for the identity.
`m <`computer`>`	Computer that is defined for the identity.
`t <`timeout`>`	Timeout setting for the AD Query (default is 5 hours).
`r {probed \| override \| timeout}`	Reason that is shown in the Logs & Monitor > Logs tab.

pdp auth

Description	Configures authentication/authorization options for PDP.
Syntax	`pdp auth <`parameter`> <`option`>`

Parameter	Description
`force_domain <`option`>`	Configures PDP to match the identity's source based on the reported domain and authorization domain.
`kerberos_encryption <`option`>`	Configures the Kerberos encryption type.

pdp auth force_domain

Description	Forces the PDP to match the identity's source based on the reported domain and authorization domain.
Syntax	`pdp auth force_domain <`option`>`

Option	Description
`stat`	Shows the current status.
`enable`	Enables the domain matching.
`disable`	Disables the domain matching.

pdp auth kerberos_encryption

Description	Configures the Kerberos encryption type (in SmartConsole, go to Objects menu > Object Explorer > Servers > open the LDAP Account Unit object > go to General tab > click Active Directory SSO Configuration).
Syntax	`pdp auth kerberos_encryption <`option`>`

Option	Description
`get`	Shows the current Kerberos encryption status.
`set {policy \| aes128-cts-hmac-sha1-96 \| aes256-cts-hmac-sha1-96}`	Sets the Kerberos encryption type.