ZyXEL Communications unified security gateway User Manual
ZyWALL USG 20/20W User’s Guide
573
C
H A P T E R
3 7
AAA Server
37.1 Overview
You can use a AAA (Authentication, Authorization, Accounting) server to provide
access control to your network. The AAA server can be a Active Directory, LDAP, or
RADIUS server. Use the AAA Server screens to create and manage objects that
contain settings for using AAA servers. You use AAA server objects in configuring
ext-group-user user objects and authentication method objects (see
access control to your network. The AAA server can be a Active Directory, LDAP, or
RADIUS server. Use the AAA Server screens to create and manage objects that
contain settings for using AAA servers. You use AAA server objects in configuring
ext-group-user user objects and authentication method objects (see
).
37.1.1 Directory Service (AD/LDAP)
LDAP/AD allows a client (the ZyWALL) to connect to a server to retrieve
information from a directory. A network example is shown next.
information from a directory. A network example is shown next.
Figure 339 Example: Directory Service Client and Server
The following describes the user authentication procedure via an LDAP/AD server.
1
A user logs in with a user name and password pair.
2
The ZyWALL tries to bind (or log in) to the LDAP/AD server.
3
When the binding process is successful, the ZyWALL checks the user information
in the directory against the user name and password pair.
in the directory against the user name and password pair.
4
If it matches, the user is allowed access. Otherwise, access is blocked.