ZyXEL Communications ZyWALL 1000 User Manual
Chapter 38 AAA Server
ZyWALL USG 1000 User’s Guide
The following table describes the labels in this screen.
38.4 RADIUS Server
RADIUS (Remote Authentication Dial-In User Service) authentication is a popular protocol
used to authenticate users by means of an external server instead of (or in addition to) an
internal device user database that is limited to the memory capacity of the device. In essence,
RADIUS authentication allows you to validate a large number of users from a central location.
Table 178 Object > AAA Server > Active Directory (or LDAP) > Group > Add
| LABEL | DESCRIPTION |
| --- | --- |
| Configuration | All AD or LDAP servers in a group share the same settings in the fields below. |
| Name | Enter a descriptive name (up to 63 alphanumerical characters) for identification purposes. |
| Port | Specify the port number on the LDAP server(s) to which the ZyWALL sends authentication requests. Enter a number between 1 and 65535. This port number should be the same on all AD or LDAP server(s) in this group. |
| Password | If required, enter the password (up to 15 alphanumerical characters) the ZyWALL uses to log into the AD or LDAP server(s). |
| Base DN | Specify the top level of the directory. For example, o=ZyXEL, c=US. |
| binddn | Specify the bind DN for logging into the AD or LDAP server(s). For example, cn=zywallAdmin specifies zywallAdmin as the user name. |
| CN Identifier | Specify the common name that uniquely identifies a record in the AD or LDAP directory. Enter up to 63 alphanumerical characters. |
| Search time limit | Specify the timeout period (between 1 and 300 seconds) before the ZyWALL disconnects from the AD or LDAP server. In this case, user authentication fails. Search timeout occurs when either the user information is not in the AD or LDAP server(s) or the AD or LDAP server(s) is down. |
| Use SSL | Select Use SSL to establish a secure connection to the AD or LDAP server(s). |
| Host Members | The ordering of the LDAP servers is important as the ZyWALL uses the AD or LDAP servers for user authentication in the order they appear in this table. |
| # | This field displays the index number. |
| Members | Specify the URI (Uniform Resource Identifier) of an AD or LDAP server. You can enter the IP address (in dotted decimal notation) or the fully qualified domain name (FQDN; up to 63 alphanumerical characters) of the AD or LDAP server. |
| Add icon | Click Add to add a new AD or LDAP server. You can add up to four AD or LDAP member servers. Click Delete to remove an AD or LDAP server. |
| OK | Click OK to save the changes. |
| Cancel | Click Cancel to discard the changes. |
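The limits in Table 178 can be checked before a group is entered on the device. The following is an added example, not ZyXEL code: a Python check over a constructed dictionary whose key names (name, port, password, search_time_limit, use_ssl, members) are assumptions made for illustration and are not device syntax.

```python
import ipaddress
import re

def lint_aaa_group(group):
    """Check one AD/LDAP server group against the limits in Table 178."""
    findings = []
    if not re.fullmatch(r"[A-Za-z0-9]{1,63}", group.get("name", "")):
        findings.append("name: must be 1-63 alphanumerical characters")
    port = group.get("port")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        findings.append("port: must be a number between 1 and 65535")
    if len(group.get("password", "")) > 15:
        findings.append("password: longer than 15 characters")
    limit = group.get("search_time_limit")
    if not isinstance(limit, int) or not 1 <= limit <= 300:
        findings.append("search_time_limit: must be 1-300 seconds")
    members = group.get("members", [])
    if len(members) > 4:
        findings.append("members: more than four member servers")
    for index, host in enumerate(members, start=1):
        try:
            ipaddress.IPv4Address(host)  # dotted decimal notation
        except ValueError:
            # Not an IP address, so treat it as an FQDN of up to 63 characters.
            if len(host) > 63 or not re.fullmatch(r"[A-Za-z0-9.-]+", host):
                findings.append(f"members[{index}]: not an IP address or valid FQDN")
    if not group.get("use_ssl", False):
        findings.append("use_ssl: off, the connection to the server is not secured")
    return findings

# Constructed sample values; the dictionary keys are assumptions, not device syntax.
WEAK = {
    "name": "BranchLDAP", "port": 389, "password": "examplePass1",
    "search_time_limit": 600, "use_ssl": False,
    "members": ["192.0.2.10", "192.0.2.11", "ldap1.example.com",
                "ldap2.example.com", "ldap3.example.com"],
}
# 636 is the conventional LDAP-over-SSL port; the server is assumed to listen there.
FIXED = dict(WEAK, port=636, search_time_limit=5, use_ssl=True,
             members=WEAK["members"][:2])

if __name__ == "__main__":
    for label, group in (("weak", WEAK), ("fixed", FIXED)):
        print(label, lint_aaa_group(group) or "no findings")
```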