ZyXEL Communications 1000 User Manual

 Chapter 44 AAA Server
ZyWALL USG 1000 User’s Guide
44.3  RADIUS Server Summary
Use the RADIUS screen to manage the list of RADIUS servers the ZyWALL can 
use in authenticating users. 
Table 204   Configuration > Object > AAA Server > Active Directory (or LDAP) > Add

| LABEL | DESCRIPTION |
|---|---|
| Base DN | Specify the directory (up to 127 alphanumerical characters). For example, o=ZyXEL, c=US |
| Use SSL | Select Use SSL to establish a secure connection to the AD or LDAP server(s). |
| Search time limit | Specify the timeout period (between 1 and 300 seconds) before the ZyWALL disconnects from the AD or LDAP server. In this case, user authentication fails. Search timeout occurs when either the user information is not in the AD or LDAP server(s) or the AD or LDAP server(s) is down. |
| Bind DN | Specify the bind DN for logging into the AD or LDAP server. Enter up to 127 alphanumerical characters. For example, cn=zywallAdmin specifies zywallAdmin as the user name. |
| Password | If required, enter the password (up to 15 alphanumerical characters) for the ZyWALL to bind (or log in) to the AD or LDAP server. |
| Login Name Attribute | Enter the type of identifier the users are to use to log in. For example, “name” or “e-mail address”. |
| Alternative Login Name Attribute | If there is a second type of identifier that the users can use to log in, enter it here. For example, “name” or “e-mail address”. |
| Group Membership Attribute | An AD or LDAP server defines attributes for its accounts. Enter the name of the attribute that the ZyWALL is to check to determine to which group a user belongs. The value for this attribute is called a group identifier; it determines to which group a user belongs. You can add ext-group-user user objects to identify groups based on these group identifier values. For example, you could have an attribute named “memberOf” with values like “sales”, “RD”, and “management”. Then you could also create an ext-group-user user object for each group: one with “sales” as the group identifier, another for “RD” and a third for “management”. |
| Configuration Validation | Use a user account from the server specified above to test if the configuration is correct. Enter the account’s user name in the Username field and click Test. |
| OK | Click OK to save the changes. |
| Cancel | Click Cancel to discard the changes. |
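
As an added illustration (not code from this manual or from ZyXEL), the Python sketch below shows how the Login Name Attribute, Alternative Login Name Attribute and Group Membership Attribute settings could combine into an LDAP search filter and an ext-group-user match. The attribute names cn and mail, the object names, the class and function names, and the exact-match comparison are assumptions.

```python
"""Added illustration, not ZyXEL code: how the table's attribute settings
could drive a user lookup and group match. Names below are assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class DirectoryProfile:              # hypothetical container for the table's fields
    base_dn: str                     # Base DN, e.g. "o=ZyXEL, c=US"
    login_attr: str                  # Login Name Attribute
    alt_login_attr: Optional[str]    # Alternative Login Name Attribute
    group_attr: str                  # Group Membership Attribute


def escape_filter_value(value: str) -> str:
    """Escape RFC 4515 special characters so a typed user name stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_user_filter(profile: DirectoryProfile, username: str) -> str:
    """Match the user name on the login attribute, or on either one if two are set."""
    value = escape_filter_value(username)
    primary = f"({profile.login_attr}={value})"
    if not profile.alt_login_attr:
        return primary
    return f"(|{primary}({profile.alt_login_attr}={value}))"


def match_ext_groups(profile: DirectoryProfile, entry: Dict[str, List[str]],
                     ext_group_users: Dict[str, str]) -> List[str]:
    """Return ext-group-user object names whose group identifier appears in the
    entry's group membership attribute (exact string match is an assumption)."""
    identifiers = set(entry.get(profile.group_attr, []))
    return sorted(n for n, ident in ext_group_users.items() if ident in identifiers)


# Constructed sample data: attribute names "cn" and "mail" are assumptions.
PROFILE = DirectoryProfile("o=ZyXEL, c=US", "cn", "mail", "memberOf")
ENTRY = {"cn": ["alice"], "mail": ["alice@example.com"], "memberOf": ["sales", "RD"]}
EXT_GROUP_USERS = {"sales-users": "sales", "rd-users": "RD", "mgmt-users": "management"}

if __name__ == "__main__":
    print(build_user_filter(PROFILE, "alice"))
    print(match_ext_groups(PROFILE, ENTRY, EXT_GROUP_USERS))
```

Escaping the typed user name keeps characters such as `*` from widening the search beyond the single account being authenticated.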