ZyXEL Communications ISG50 Network Router User Manual


 
Chapter 48 AAA Server
ISG50 User’s Guide
48.3 RADIUS Server Summary
Use the RADIUS screen to manage the list of RADIUS servers the ISG50 can use in authenticating
users.
Click Configuration > Object > AAA Server > RADIUS to display the RADIUS screen.
Figure 425 Configuration > Object > AAA Server > RADIUS
Table 250 Configuration > Object > AAA Server > Active Directory (or LDAP) > Add (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Search time limit | Specify the timeout period (between 1 and 300 seconds) before the ISG50 disconnects from the AD or LDAP server. When the timeout expires, user authentication fails. Search timeout occurs when either the user information is not in the AD or LDAP server(s) or the AD or LDAP server(s) is down. |
| Bind DN | Specify the bind DN for logging into the AD or LDAP server. Enter up to 127 alphanumerical characters. For example, cn=ISG50Admin specifies ISG50Admin as the user name. |
| Password | If required, enter the password (up to 15 alphanumerical characters) for the ISG50 to bind (or log in) to the AD or LDAP server. |
| Base DN | Specify the directory (up to 127 alphanumerical characters). For example, o=ZyXEL, c=US. |
| Login Name Attribute | Enter the type of identifier the users are to use to log in. For example “name” or “e-mail address”. |
| Alternative Login Name Attribute | If there is a second type of identifier that the users can use to log in, enter it here. For example “name” or “e-mail address”. |
| Group Membership Attribute | An AD or LDAP server defines attributes for its accounts. Enter the name of the attribute that the ISG50 is to check to determine to which group a user belongs. The value for this attribute is called a group identifier; it determines to which group a user belongs. You can add ext-group-user user objects to identify groups based on these group identifier values. For example, you could have an attribute named “memberOf” with values like “sales”, “RD”, and “management”. Then you could also create an ext-group-user user object for each group: one with “sales” as the group identifier, another for “RD” and a third for “management”. |
| Configuration Validation | Use a user account from the server specified above to test if the configuration is correct. Enter the account’s user name in the Username field and click Test. |
| OK | Click OK to save the changes. |
| Cancel | Click Cancel to discard the changes. |
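How the Login Name Attribute, Alternative Login Name Attribute and Group Membership Attribute settings in the table fit together in a directory lookup, shown as an added example that is not taken from the ZyXEL manual or firmware. The attribute names `sAMAccountName` and `mail`, the helper and object names, and the sample entry are assumptions; this page does not document how the ISG50 builds its own query.

```python
# Added illustration, not ZyXEL code. All names and sample data are constructed.

# RFC 4515: these characters must be escaped inside an LDAP filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied login name so it cannot change the filter's structure."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter(username, login_attr, alt_login_attr=None):
    """Build a search filter matching the login attribute or the alternative one."""
    safe = escape_filter_value(username)
    primary = f"({login_attr}={safe})"
    if not alt_login_attr:
        return primary
    return f"(|{primary}({alt_login_attr}={safe}))"


def groups_for_entry(entry, group_attr, group_objects):
    """Map values of the group membership attribute to configured group objects.

    group_objects: {group identifier: ext-group-user object name}
    Matching is case-insensitive (an assumption made for this example).
    """
    wanted = {ident.lower(): name for ident, name in group_objects.items()}
    values = entry.get(group_attr, [])
    return sorted(wanted[v.lower()] for v in values if v.lower() in wanted)


# Constructed settings mirroring the table's fields.
CONFIG = {
    "base_dn": "o=ZyXEL, c=US",
    "login_attr": "sAMAccountName",   # assumed attribute name
    "alt_login_attr": "mail",         # assumed attribute name
    "group_attr": "memberOf",
}
# ext-group-user objects keyed by group identifier (object names are made up).
GROUP_OBJECTS = {"sales": "grp-sales", "RD": "grp-rd", "management": "grp-mgmt"}
# Constructed directory entry, as a search under base_dn might return it.
SAMPLE_ENTRY = {"sAMAccountName": ["jdoe"], "memberOf": ["sales", "rd", "guests"]}

if __name__ == "__main__":
    print(build_login_filter("jdoe", CONFIG["login_attr"], CONFIG["alt_login_attr"]))
    print(build_login_filter("Doe (sales)*", CONFIG["login_attr"]))
    print(groups_for_entry(SAMPLE_ENTRY, CONFIG["group_attr"], GROUP_OBJECTS))
```

A user whose group attribute holds no configured group identifier (here `guests`) maps to no ext-group-user object, so policies keyed on those objects do not apply to that user.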