Filter
Top Products
Chapter 35 User/Group
ZyWALL USG 50 User’s Guide
584
Note: The default admin account is always authenticated locally, regardless of the
authentication method setting. (See Chapter 39 on page 617 for more
information about authentication methods.)
Ext-User Accounts
Set up an ext-user account if the user is authenticated by an external server and
you want to set up specific policies for this user in the ZyWALL. If you do not want
to set up policies for this user, you do not have to set up an ext-user account.
All ext-user users should be authenticated by an external server, such as AD,
LDAP or RADIUS. If the ZyWALL tries to use the local database to authenticate an
ext-user, the authentication attempt always fails. (This is related to AAA servers
and authentication methods, which are discussed in Chapter 39 on page 617 and
Chapter 40 on page 627, respectively.)
Note: If the ZyWALL tries to authenticate an ext-user using the local database, the
attempt always fails.
Once an ext-user user has been authenticated, the ZyWALL tries to get the user
type (see Table 170 on page 583) from the external server. If the external server
does not have the information, the ZyWALL sets the user type for this session to
User.
For the rest of the user attributes, such as reauthentication time, the ZyWALL
checks the following places, in order.
1 User account in the remote server.
2 User account (Ext-User) in the ZyWALL.
3 Default user account for AD users (ad-users), LDAP users (ldap-users) or
RADIUS users (radius-users) in the ZyWALL.
limited-admin Look at ZyWALL configuration (web, CLI)
Perform basic diagnostics (CLI)
WWW, TELNET, SSH, Console
Access Users
user Access network services
Browse user-mode commands (CLI)
WWW, TELNET, SSH
guest Access network services WWW
ext-user External user account WWW
ext-group-user External group user account WWW
Table 170 Types of User Accounts (continued)
TYPE ABILITIES LOGIN METHOD(S)