ZyXEL Communications ZLD Manual De Usuario
Chapter 30 AAA Server
ZyWALL (ZLD) CLI Reference Guide
253
30.2.7 aaa group server radius Commands
The following table lists the
aaa group server radius
commands you use to configure a group
of RADIUS servers.
[no] case-sensitive
Specify whether or not the server checks the username case. Set this to be
the same as the server’s behavior.
the same as the server’s behavior.
[no] server alternative-cn-
identifier uid
Sets the second type of identifier that the users can use to log in if any. For
example “name” or “e-mail address”. The
example “name” or “e-mail address”. The
no
command clears this setting.
[no] server basedn basedn
Sets the base DN to point to the LDAP directory on the LDAP server group.
The
The
no
command clears this setting.
[no] server binddn binddn
Sets the user name the ZyWALL uses to log into the LDAP server group. The
no
no
command clears this setting.
[no] server cn-identifier uid
Sets the user name the ZyWALL uses to log into the LDAP server group. The
no
no
command clears this setting.
[no] server description
description
Sets the descriptive information for the LDAP server group. You can use up
to 60 printable ASCII characters. The no command clears this setting.
to 60 printable ASCII characters. The no command clears this setting.
[no] server group-attribute
group-attribute
Sets the name of the attribute that the ZyWALL is to check to determine to
which group a user belongs. The value for this attribute is called a group
identifier; it determines to which group a user belongs. You can add ext-
group-user user objects to identify groups based on these group identifier
values.
which group a user belongs. The value for this attribute is called a group
identifier; it determines to which group a user belongs. You can add ext-
group-user user objects to identify groups based on these group identifier
values.
For example you could have an attribute named “memberOf” with values
like “sales”, “RD”, and “management”. Then you could also create an ext-
group-user user object for each group. One with “sales” as the group
identifier, another for “RD” and a third for “management”. The
like “sales”, “RD”, and “management”. Then you could also create an ext-
group-user user object for each group. One with “sales” as the group
identifier, another for “RD” and a third for “management”. The
no
command
clears the setting.
[no] server host ldap_server
Enter the IP address (in dotted decimal notation) or the domain name of an
LDAP server to add to this group. The
LDAP server to add to this group. The
no
command clears this setting.
[no] server password password
Sets the bind password (up to 15 characters). The no command clears this
setting.
setting.
[no] server port port_no
Sets the LDAP port number. Enter a number between 1 and 65535. The
default is 389. The
default is 389. The
no
command clears this setting.
[no] server search-time-limit
time
Sets the search timeout period (in seconds). Enter a number between 1 and
300. The no command clears this setting and set this to the default setting
of 5 seconds.
300. The no command clears this setting and set this to the default setting
of 5 seconds.
[no] server ssl
Enables the ZyWALL to establish a secure connection to the LDAP server.
The no command disables this feature.
The no command disables this feature.
Table 151
aaa group server ldap Commands (continued)
COMMAND
DESCRIPTION
Table 152
aaa group server radius Commands
COMMAND
DESCRIPTION
clear aaa group server radius group-
name
Deletes all RADIUS server groups or the specified RADIUS server group.
Note: You can NOT delete a server group that is currently in use.
show aaa group server radius group-
name
Displays the specified RADIUS server group settings.
[no] aaa group server radius group-
name
Sets a descriptive name for the RADIUS server group. The
no
command
deletes the specified server group.
aaa group server radius rename {group-
name-old} group-name-new
Sets the server group name.