ZyXEL Communications 1100 Network Router User Manual


 
Chapter 31 AAA Server
ZyWALL 110/310/1100 Series User’s Guide
Table 154 Configuration > Object > AAA Server > Active Directory (or LDAP) > Add (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Base DN | Specify the directory (up to 127 alphanumerical characters). For example, o=ZyXEL, c=US. This is only for LDAP. |
| Use SSL | Select Use SSL to establish a secure connection to the AD or LDAP server(s). |
| Search time limit | Specify the timeout period (between 1 and 300 seconds) before the ZyWALL disconnects from the AD or LDAP server. In this case, user authentication fails. Search timeout occurs when either the user information is not in the AD or LDAP server(s) or the AD or LDAP server(s) is down. |
| Case-sensitive User Names | Select this if the server checks the case of the usernames. |
| Bind DN | Specify the bind DN for logging into the AD or LDAP server. Enter up to 127 alphanumerical characters. For example, cn=zywallAdmin specifies zywallAdmin as the user name. |
| Password | If required, enter the password (up to 15 alphanumerical characters) for the ZyWALL to bind (or log in) to the AD or LDAP server. |
| Retype to Confirm | Retype your new password for confirmation. |
| Login Name Attribute | Enter the type of identifier the users are to use to log in. For example, “name” or “e-mail address”. |
| Alternative Login Name Attribute | If there is a second type of identifier that the users can use to log in, enter it here. For example, “name” or “e-mail address”. |
| Group Membership Attribute | An AD or LDAP server defines attributes for its accounts. Enter the name of the attribute that the ZyWALL is to check to determine to which group a user belongs. The value for this attribute is called a group identifier; it determines to which group a user belongs. You can add ext-group-user user objects to identify groups based on these group identifier values. For example, you could have an attribute named “memberOf” with values like “sales”, “RD”, and “management”. Then you could also create an ext-group-user user object for each group: one with “sales” as the group identifier, another for “RD” and a third for “management”. |
| Domain Authentication for MSChap | Select the Enable checkbox to enable domain authentication for MSChap. This is only for Active Directory. |
| User Name | Enter the user name for the user who has rights to add a machine to the domain. This is only for Active Directory. |
| User Password | Enter the password for the associated user name. This is only for Active Directory. |
| Retype to Confirm | Retype your new password for confirmation. This is only for Active Directory. |
| Realm | Enter the realm FQDN. This is only for Active Directory. |
| Configuration Validation | Use a user account from the server specified above to test if the configuration is correct. Enter the account’s user name in the Username field and click Test. |
| OK | Click OK to save the changes. |
| Cancel | Click Cancel to discard the changes. |
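
The login-name, case-sensitivity and group-membership fields in this table all act on a single directory lookup. The following added example (not ZyXEL code and not taken from the User's Guide) models that lookup in memory to show how they combine. The directory entries, the "mail" attribute name, the ext-group-user object names and the exact-match comparison of group identifiers are assumptions made for illustration.

```python
# Added illustration, not ZyXEL firmware code. Directory entries, the "mail"
# attribute and the ext-group-user object names are constructed assumptions.

BASE_DN = "o=ZyXEL,c=US"            # Base DN example from the table
LOGIN_ATTR = "name"                 # Login Name Attribute
ALT_LOGIN_ATTR = "mail"             # Alternative Login Name Attribute (assumed)
GROUP_ATTR = "memberOf"             # Group Membership Attribute

# ext-group-user objects: object name -> group identifier (names are hypothetical)
EXT_GROUP_USERS = {"ldap-sales": "sales", "ldap-rd": "RD", "ldap-mgmt": "management"}

# Constructed stand-in for the entries stored under BASE_DN on the server
DIRECTORY = [
    {"dn": "cn=Alice," + BASE_DN, "name": ["Alice"],
     "mail": ["alice@example.com"], "memberOf": ["sales", "management"]},
    {"dn": "cn=bob," + BASE_DN, "name": ["bob"],
     "mail": ["bob@example.com"], "memberOf": ["RD"]},
]

# RFC 4515: characters that must be escaped inside a search filter value
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def build_login_filter(username, login_attr=LOGIN_ATTR, alt_attr=ALT_LOGIN_ATTR):
    """Search filter matching the user on either configured login attribute."""
    value = "".join(_ESCAPES.get(ch, ch) for ch in username)
    if not alt_attr:
        return f"({login_attr}={value})"
    return f"(|({login_attr}={value})({alt_attr}={value}))"


def find_entry(username, case_sensitive=False):
    """Emulate the server-side match, with or without case checking."""
    norm = (lambda s: s) if case_sensitive else str.lower
    for entry in DIRECTORY:
        for attr in (LOGIN_ATTR, ALT_LOGIN_ATTR):
            if any(norm(v) == norm(username) for v in entry.get(attr, [])):
                return entry
    return None


def map_groups(entry):
    """ext-group-user objects whose group identifier is among the entry's values."""
    values = set(entry.get(GROUP_ATTR, []))
    return sorted(n for n, ident in EXT_GROUP_USERS.items() if ident in values)


if __name__ == "__main__":
    print(build_login_filter("alice"))
    print(map_groups(find_entry("alice@example.com")))
```

A user whose group attribute carries no value matching any ext-group-user object maps to an empty list here, which is the case to check when group-based policies appear not to apply after a successful Configuration Validation test.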