Force AD users not to use FTP/HTTP or force to use SFTP/HTTPS
AnsweredForce AD users to use secure connection. AD users does not inherit permssions form AD<->cerberus gruop mapping. Only AD user<->Cerberus group mapping can force security. This is not enough in some scenarios.
-
Hello, Jaroslaw.
You are correct if you wish to customize the directory and permission mappings for individual AD users you must use an AD User to Cerberus Group mapping. When you create an AD Group to Cerberus Group mapping only the virtual directories from the Cerberus groups are added to the AD user. The permissions are not transferred.
Using the default group option is a simple way to make sure that permissions are applied to all AD users.
For example, consider a Cerberus group named AD_Users. On the Cerberus AD Users page of the User Manager, this group is assigned as the Default Group for AD users.
All of the settings on this group are applied to any AD users that are logged in. If the group AD_Users was configured to only allow SSH SFTP and HTTPS logins, then those constraints would be applied to all AD users that logged in.
However, virtual directories for group AD_Users will not be applied by default to AD users unless Cerberus Group is selected as the Default Directory.
The default Cerberus group can be overridden later for individual AD users through custom AD user to Cerberus groups mappings mentioned before.
0
Please sign in to leave a comment.
Comments
1 comment