ZyXEL Communications USG 2000 User Manual

Chapter 40 User/Group
ZyWALL USG 2000 User’s Guide
Note: The default admin account is always authenticated locally, regardless of the 
authentication method setting. (See 
information about authentication methods.)
Ext-User Accounts
Set up an ext-user account if the user is authenticated by an external server and 
you want to set up specific policies for this user in the ZyWALL. If you do not want 
to set up policies for this user, you do not have to set up an ext-user account.
All ext-user users should be authenticated by an external server, such as AD, 
LDAP or RADIUS. If the ZyWALL tries to use the local database to authenticate an 
ext-user, the authentication attempt always fails. (This is related to AAA servers 
and authentication methods, which are discussed in 
, respectively.)
Note: If the ZyWALL tries to authenticate an ext-user using the local database, the attempt always fails.
Once an ext-user user has been authenticated, the ZyWALL tries to get the user 
type (see 
) from the external server. If the external server 
does not have the information, the ZyWALL sets the user type for this session to 
User.
For the rest of the user attributes, such as reauthentication time, the ZyWALL 
checks the following places, in order.
1. User account in the remote server.
2. User account (Ext-User) in the ZyWALL.
3. Default user account for AD users (ad-users), LDAP users (ldap-users) or RADIUS users (radius-users) in the ZyWALL.
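The lookup order above, modelled in Python as an added example (this is not ZyXEL code; the function name, dictionary keys and sample accounts are hypothetical and constructed). It assumes the fall-through happens per attribute and reports which source supplied each value, which is what an administrator auditing the effective policy for an ext-user needs to see.

```python
# Added model of the documented lookup order; not ZyWALL firmware or CLI.
# All names and sample records below are hypothetical / constructed.
DEFAULT_ACCOUNTS = {"ad": "ad-users", "ldap": "ldap-users", "radius": "radius-users"}
ATTRIBUTES = ("reauth_time",)  # the page names reauthentication time as one example


def resolve_session(username, server_kind, remote, ext_users, defaults):
    """Return (user_type, {attr: (value, source)}) for an authenticated ext-user."""
    remote_rec = remote.get(username, {})
    # User type comes from the external server; if absent, the session is "user".
    user_type = remote_rec.get("user_type", "user")
    default_name = DEFAULT_ACCOUNTS[server_kind]
    # Places checked, in order, for the remaining attributes.
    sources = [
        ("remote server", remote_rec),
        ("ext-user account", ext_users.get(username, {})),
        (default_name, defaults.get(default_name, {})),
    ]
    effective = {}
    for attr in ATTRIBUTES:
        for source_name, record in sources:
            if attr in record:  # assumption: first source that defines it wins
                effective[attr] = (record[attr], source_name)
                break
    return user_type, effective


# Constructed sample data (minutes for reauth_time are illustrative only).
REMOTE = {
    "alice": {"user_type": "guest", "reauth_time": 30},
    "bob": {},    # server returns no type and no attributes
    "carol": {},
}
EXT_USERS = {
    "alice": {"reauth_time": 60},   # shadowed by the remote server's value
    "bob": {"reauth_time": 120},
}
DEFAULTS = {"ldap-users": {"reauth_time": 1440}}

if __name__ == "__main__":
    for name in ("alice", "bob", "carol"):
        print(name, resolve_session(name, "ldap", REMOTE, EXT_USERS, DEFAULTS))
```

Note that in this model a value held on the remote server silently overrides the local Ext-User account, so a policy review should check the server record first.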
Table 183   Types of User Accounts (continued)
TYPE | ABILITIES | LOGIN METHOD(S)
limited-admin | Look at ZyWALL configuration (web, CLI); Perform basic diagnostics (CLI) | WWW, TELNET, SSH, Console, Dial-in
Access Users
user | Access network services; Browse user-mode commands (CLI) | WWW, TELNET, SSH
guest | Access network services | WWW
ext-user | External user account | WWW
ext-group-user | External group user account | WWW