Setting up your Domain
The first step in configuring your AD users, will be setting up your domain. When you first go into AD users, you will see this page.
To begin configuring your domain you will want to select 'New Domain'. For more information on how to configure AD within Cerberus, please see Setting up Active Directory Authentication in Cerberus FTP Server. This document will explain each of the tabs you find within the 'AD Users' tab.
After configuring your domain, we should see a user list populate when we navigate into 'AD Users', with the selected domain shown at the top.
Individual AD User Settings
Just like Cerberus native users, AD users share a similarly structured list of tabs to configure your user. If you attempt to change any fields, remember to click the 'Update' button. All fields other than the Primary/Secondary group are read-only, if you encounter a greyed out field, it is driven by the AD attribute for that user.
Profile tab.
Username | The username this account will use to log in. (Required) |
An email address to associate with the user account. This email address may be used as the 'from' address when creating public shares and the 'to' address when sending password reset emails. (Optional) | |
First Name, Last Name, Telephone, Mobile | Optional Information fields for the user |
Description | A description field for the user account |
Primary Group | A Cerberus FTP Server Group that this user belongs to. All of the user's settings are overridden by the settings of the Primary Group. |
Secondary Groups |
Additional Groups the user is assigned to in order to add access to additional virtual directories. User settings are NOT overridden by Secondary Groups, they merely grant the user access to the virtual directories assigned to the group. |
Last Login Time |
The time that the user last logged into Cerberus FTP Server |
Last Login IP |
The last recorded IP address that the user logged in from. |
Password Last Changed |
The date when the user's password was last changed. |
Creation Date |
The date when the user was created in Cerberus FTP Server |
Constraints tab.
Password Never Expires | If checked, the user's password never expires. |
User Can Change Password | Controls whether a user can change their password through the HTTP/S web client or through SSH SFTP or FTP commands. |
Disabled | Determines whether the account can log in or not. A disabled account cannot log in to the server. |
Anonymous | If checked, the user password is ignored and the user can be logged in using any password. |
Max Logins | The maximum number of connections this user can make to the server at the same time. |
Disable Date | If a date is set here then the account will become disabled after the date specified. Note: The granularity of the timer is 30 minutes. The account will be disabled within 30 minutes of the time set. |
Max Upload Filesize | This field can be used to limit the maximum size of an uploaded file. This value defaults to unlimited. The file size is specified in bytes. Specify 0 or any non-positive value to reset the maximum file size to unlimited. |
Allowed IP Addresses | A comma-separated list of IP addresses that this user can log in from. If no IP addresses are specified then no per-user IP address filtering is enforced. IP addresses can be specified as a single IP, a range of IP addresses separated by a dash with no spaces, e.g. 192.168.0.100-192.168.0.150, or a CIDR-formatted IP address range. Adding spaces before and after the dash will invalidate the IP range. Multiple formats can be combined, with each single IP or range separated by a comma. Note, global IP address deny lists or allow lists are always enforced first, regardless of this setting. |
Authentication tab.
SSH Authentication Method | Determines the authentication requirements for logging into an SFTP interface. Valid options are:
|
For more information on SSH Public Key Authentication, please refer to our support article
Configuring a user for SSH Public Key Authentication
Allow 2 Factor | This option allows users to set up 2FA if they choose to |
Require 2 Factor for HTTP/S | This makes 2FA a requirement when using the HTTP/S web client. |
2 Factor for SSH SFTP/SCP | This drop-down menu will determine how Cerberus FTP handles 2FA behavior for users when using the SFTP protocol. The options are as follows: |
|
|
Do not allow FTP/S logins (No 2FA) |
This option will not allow users to login via FTP/S when 2FA is enabled. |
2 Factor Authentication Status | Shows whether 2FA is currently enabled on the account.
Enabled User has enabled 2FA for their account. Once two-factor authentication is enabled for a user account you can disable it at any time by pressing Disable 2FA Disabled User does not have 2FA enabled for their account. |
For more information on 2FA (2 factor authentication), please refer to our support article on How do I manage 2FA for an AD User in Cerberus?
Allowed Protocols tab.
Permitted Login Protocols | Controls which protocols a user is allowed to log in with. If a protocol is not checked then the user will not be allowed to log in using that protocol. |
FTP Only Settings | These settings only apply when the user logs in using FTP. |
---|---|
Require Secure Control | If enabled, this user can only log in to the server using a secure TLS/SSL encrypted connection. |
Require Secure Data | If enabled, file transfers will only be allowed over secure TLS/SSL encrypted connections. |
Virtual Directories Tab
See Adding a virtual directory to a user account for detailed information on how to add virtual directories to the user account.
Comments
0 comments
Please sign in to leave a comment.