ZyXEL Communications ZyWALL 1000 Network Router User Manual


 
Chapter 34 User/Group
ZyWALL USG 1000 User’s Guide
504
34.1.2 Ext-User Accounts
Set up an Ext-User account if the user is authenticated by an external server and you want to
set up specific policies for this user in the ZyWALL. If you do not want to set up policies for
this user, you do not have to set up an Ext-User account.
Ext-User users should be authenticated by an external server, such as LDAP or RADIUS. If
the ZyWALL tries to use the local database to authenticate an Ext-User, the authentication
attempt always fails. (This is related to AAA servers and authentication methods, which are
discussed in Chapter 38 on page 531 and Chapter 39 on page 541, respectively.)
Note: If the ZyWALL tries to authenticate an Ext-User using the local database, the
attempt always fails.
Once an Ext-User user has been authenticated, the ZyWALL tries to get the user type (see
Table 155 on page 503) from the external server. If the external server does not have the
information, the ZyWALL sets the user type for this session to User.
For the rest of the user attributes, such as reauthentication time, the ZyWALL checks the
following places, in order.
1 User account in the remote server.
2 User account (Ext-User) in the ZyWALL.
3 Default user account for LDAP users (ldap-users) or RADIUS users (radius-users) in
the ZyWALL.
See Section 34.1.2.1 on page 504 for a list of attributes and how to set up the attributes in an
external server.
34.1.2.1 Setting up User Attributes in an External Server
To set up user attributes, such as reauthentication time, in LDAP or RADIUS servers, use the
following keywords in the user configuration file.
Table 156 LDAP/RADIUS: Keywords for User Attributes
KEYWORD       CORRESPONDING ATTRIBUTE IN WEB CONFIGURATOR
type          User Type. Possible Values: admin, limited-admin, user, guest.
leaseTime     Lease Time. Possible Values: 1-1440 (minutes).
reauthTime    Reauthentication Time. Possible Values: 1-1440 (minutes).
The following examples show you how you might set up user attributes in LDAP and
RADIUS servers.
Figure 369 LDAP Example: Keywords for User Attributes
type: admin
leaseTime: 99
reauthTime: 199
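
The lookup order in Section 34.1.2 and the value ranges in Table 156 can be checked before an entry goes into the external server. The following Python is an added example, not ZyXEL code: parse_attributes and resolve are hypothetical names, the sample input is constructed, and treating Table 156 as an exact allow-list is an assumption, since the page does not say how the ZyWALL handles other values.

```python
# Added example (not ZyXEL code): validate keywords against Table 156 and
# resolve effective attributes in the lookup order listed in Section 34.1.2.
USER_TYPES = {"admin", "limited-admin", "user", "guest"}
MINUTE_KEYS = ("leaseTime", "reauthTime")  # both 1-1440 minutes


def parse_attributes(text):
    """Parse 'keyword: value' lines; return (attrs, problems)."""
    attrs, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        key, _, value = (p.strip() for p in line.partition(":"))
        if key == "type" and value in USER_TYPES:
            attrs[key] = value
        elif key in MINUTE_KEYS and value.isdecimal() and 1 <= int(value) <= 1440:
            attrs[key] = int(value)
        else:
            # Unknown keyword, bad user type, or minutes outside 1-1440.
            problems.append(f"line {n}: rejected {line.strip()!r}")
    return attrs, problems


def resolve(remote, ext_user=None, default=None):
    """Return {attribute: (value, source)} for one authenticated session."""
    # User type is read from the external server only; if absent it is User.
    effective = {"type": (remote["type"], "remote") if "type" in remote
                 else ("user", "fallback")}
    # Assumption: a missing Ext-User or default account is an empty dict.
    sources = (("remote", remote), ("ext-user", ext_user or {}),
               ("default", default or {}))
    for key in MINUTE_KEYS:
        for name, attrs in sources:
            if key in attrs:
                effective[key] = (attrs[key], name)
                break
    return effective


# Constructed input: Figure 369's entry with reauthTime left out, plus a typo.
REMOTE, PROBLEMS = parse_attributes("type: admin\nleaseTime: 99\nreauthtime: 0\n")
EFFECTIVE = resolve(REMOTE, {"reauthTime": 30},
                    {"leaseTime": 1440, "reauthTime": 1440})

if __name__ == "__main__":
    for key, (value, source) in EFFECTIVE.items():
        print(f"{key}: {value} (from {source})")
    print(PROBLEMS)
```

Because the user type is taken from the external server, entries that resolve to admin or limited-admin are the ones to review in the LDAP or RADIUS configuration.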