ZyXEL Communications 91-009-073003B Router User Manual


 
Chapter 39 AAA Server
ZyWALL USG 50 User’s Guide
39.3 RADIUS Server Summary
Use the RADIUS screen to manage the list of RADIUS servers the ZyWALL can
use in authenticating users.
Table 191 Configuration > Object > AAA Server > Active Directory (or LDAP) > Add

| LABEL | DESCRIPTION |
|---|---|
| Base DN | Specify the directory (up to 127 alphanumerical characters). For example, o=ZyXEL, c=US. |
| Use SSL | Select Use SSL to establish a secure connection to the AD or LDAP server(s). |
| Search time limit | Specify the timeout period (between 1 and 300 seconds) before the ZyWALL disconnects from the AD or LDAP server. In this case, user authentication fails. Search timeout occurs when either the user information is not in the AD or LDAP server(s) or the AD or LDAP server(s) is down. |
| Bind DN | Specify the bind DN for logging into the AD or LDAP server. Enter up to 127 alphanumerical characters. For example, cn=zywallAdmin specifies zywallAdmin as the user name. |
| Password | If required, enter the password (up to 15 alphanumerical characters) for the ZyWALL to bind (or log in) to the AD or LDAP server. |
| Login Name Attribute | Enter the type of identifier the users are to use to log in. For example, “name” or “e-mail address”. |
| Alternative Login Name Attribute | If there is a second type of identifier that the users can use to log in, enter it here. For example, “name” or “e-mail address”. |
| Group Membership Attribute | An AD or LDAP server defines attributes for its accounts. Enter the name of the attribute that the ZyWALL is to check to determine to which group a user belongs. The value for this attribute is called a group identifier; it determines to which group a user belongs. You can add ext-group-user user objects to identify groups based on these group identifier values. For example, you could have an attribute named “memberOf” with values like “sales”, “RD”, and “management”. Then you could also create an ext-group-user user object for each group: one with “sales” as the group identifier, another for “RD” and a third for “management”. |
| Configuration Validation | Use a user account from the server specified above to test if the configuration is correct. Enter the account’s user name in the Username field and click Test. |
| OK | Click OK to save the changes. |
| Cancel | Click Cancel to discard the changes. |
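
The sketch below is an added example, not ZyXEL code or part of the manual: it models how the Base DN, Login Name Attribute, Alternative Login Name Attribute and Group Membership Attribute settings from Table 191 combine in a lookup, and escapes the login name so it stays a literal in the LDAP filter. The directory entries, the grp-* object names and all function names are constructed for illustration; how the ZyWALL builds its queries internally is not stated in this guide.

```python
# Added illustration, not ZyXEL code: a model of how the table's fields combine
# during a login lookup. Directory entries and object names are constructed.

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name stays a literal."""
    special = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
    return "".join(special.get(ch, ch) for ch in value)

def build_login_filter(username, login_attr, alt_login_attr=None):
    """Filter matching the Login Name Attribute or the alternative one."""
    safe = escape_filter_value(username)
    if alt_login_attr:
        return f"(|({login_attr}={safe})({alt_login_attr}={safe}))"
    return f"({login_attr}={safe})"

def normalise_dn(dn):
    """Simplified DN comparison form (assumes no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def lookup(directory, base_dn, username, login_attr, alt_login_attr=None):
    """Return entries under base_dn whose login attribute equals username."""
    suffix = normalise_dn(base_dn)
    attrs = [a for a in (login_attr, alt_login_attr) if a]
    hits = []
    for entry in directory:
        dn = normalise_dn(entry["dn"])
        in_scope = dn == suffix or dn.endswith("," + suffix)
        if in_scope and any(username in entry.get(a, []) for a in attrs):
            hits.append(entry)
    return hits

def ext_groups(entry, group_attr, ext_group_objects):
    """Map group identifier values to the ext-group-user objects set up for them."""
    return sorted(obj for obj, ident in ext_group_objects.items()
                  if ident in entry.get(group_attr, []))

# Constructed sample directory under the page's example Base DN.
DIRECTORY = [
    {"dn": "cn=alice,ou=staff,o=ZyXEL,c=US", "cn": ["alice"],
     "mail": ["alice@example.com"], "memberOf": ["sales", "management"]},
    {"dn": "cn=bob,o=Other,c=US", "cn": ["bob"], "memberOf": ["RD"]},
]
# Hypothetical ext-group-user object names mapped to their group identifiers.
EXT_GROUP_OBJECTS = {"grp-sales": "sales", "grp-rd": "RD", "grp-mgmt": "management"}

if __name__ == "__main__":
    print(build_login_filter("alice)(cn=*", "cn", "mail"))
    for user in lookup(DIRECTORY, "o=ZyXEL, c=US", "alice@example.com", "cn", "mail"):
        print(user["dn"], ext_groups(user, "memberOf", EXT_GROUP_OBJECTS))
```

An account outside the Base DN (bob here) is never returned, so it cannot be matched to an ext-group-user object even though it carries a valid group identifier.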