ZyXEL Communications ZyWALL 1000 User's Manual
Chapter 34 User/Group
ZyWALL USG 1000 User’s Guide
34.1.2 Ext-User Accounts
Set up an Ext-User account if the user is authenticated by an external server and you want to
set up specific policies for this user in the ZyWALL. If you do not want to set up policies for
this user, you do not have to set up an Ext-User account.
Ext-User users should be authenticated by an external server, such as LDAP or RADIUS. If
the ZyWALL tries to use the local database to authenticate an Ext-User, the authentication
attempt always fails. (This is related to AAA servers and authentication methods, which are
discussed in
, respectively.)
If the ZyWALL tries to authenticate an Ext-User using the local database, the
attempt always fails.
Once an Ext-User user has been authenticated, the ZyWALL tries to get the user type (see
) from the external server. If the external server does not have the
information, the ZyWALL sets the user type for this session to User.
For the rest of the user attributes, such as reauthentication time, the ZyWALL checks the
following places, in order.
1 User account in the remote server.
2 User account (Ext-User) in the ZyWALL.
3 Default user account for LDAP users (ldap-users) or RADIUS users (radius-users) in
the ZyWALL.
See
for a list of attributes and how to set up the attributes in an
external server.
34.1.2.1 Setting up User Attributes in an External Server
To set up user attributes, such as reauthentication time, in LDAP or RADIUS servers, use the
following keywords in the user configuration file.
The following examples show you how you might set up user attributes in LDAP and
RADIUS servers.
Table 156 LDAP/RADIUS: Keywords for User Attributes
KEYWORD      CORRESPONDING ATTRIBUTE IN WEB CONFIGURATOR
type         User Type. Possible Values: admin, limited-admin, user, guest.
leaseTime    Lease Time. Possible Values: 1-1440 (minutes).
reauthTime   Reauthentication Time. Possible Values: 1-1440 (minutes).
Figure 369 LDAP Example: Keywords for User Attributes
type: admin
leaseTime: 99
reauthTime: 199
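As an added example (not from the ZyXEL manual), this Python script checks a user's "keyword: value" attribute lines against the values allowed in Table 156 and then works out the effective session attributes using the lookup order given in section 34.1.2. The function names, the sample record and the default-account values are assumptions; the manual does not say here how the ZyWALL treats an out-of-range value, so the script only reports it and leaves it out.

```python
# Added example; parse_attrs, resolve and SAMPLE_BAD are hypothetical names.
ALLOWED_TYPES = {"admin", "limited-admin", "user", "guest"}  # Table 156
MINUTE_KEYS = ("leaseTime", "reauthTime")                    # 1-1440 minutes

def parse_attrs(text):
    """Parse 'keyword: value' lines; return (valid attrs, error list)."""
    attrs, errors = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not line.strip():
            continue
        if not sep:
            errors.append(f"line {n}: missing ':'")
        elif key == "type":
            if value in ALLOWED_TYPES:
                attrs[key] = value
            else:
                errors.append(f"line {n}: type {value!r} not in Table 156")
        elif key in MINUTE_KEYS:
            if value.isdecimal() and 1 <= int(value) <= 1440:
                attrs[key] = int(value)
            else:
                errors.append(f"line {n}: {key} {value!r} outside 1-1440")
        # Any other keyword is an unrelated directory attribute: ignored.
    return attrs, errors

def resolve(remote, ext_user, default):
    """Effective attributes: remote server, then Ext-User, then default."""
    # User type comes from the external server; absent means "user".
    effective = {"type": remote.get("type", "user")}
    for key in MINUTE_KEYS:
        for source in (remote, ext_user, default):
            if source and key in source:
                effective[key] = source[key]
                break
    return effective

# Constructed sample: invalid type, out-of-range lease, unrelated attribute.
SAMPLE_BAD = "type: root\nleaseTime: 2000\ncn: alice\n"

if __name__ == "__main__":
    remote, errors = parse_attrs(SAMPLE_BAD)
    print(errors)
    print(resolve(remote, {"reauthTime": 30},
                  {"leaseTime": 1440, "reauthTime": 1440}))
```

Pass `None` for `ext_user` when no Ext-User account exists on the ZyWALL, which the section allows.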