ZyXEL Communications ZyWALL 1000 User's Manual

Chapter 34 User/Group
ZyWALL USG 1000 User’s Guide
34.1.2  Ext-User Accounts
Set up an Ext-User account if the user is authenticated by an external server and you want to 
set up specific policies for this user in the ZyWALL. If you do not want to set up policies for 
this user, you do not have to set up an Ext-User account.
Ext-User users should be authenticated by an external server, such as LDAP or RADIUS. If 
the ZyWALL tries to use the local database to authenticate an Ext-User, the authentication 
attempt always fails. (This is related to AAA servers and authentication methods, which are 
discussed in 
, respectively.)
Note: If the ZyWALL tries to authenticate an Ext-User using the local database, the 
attempt always fails.
Once an Ext-User user has been authenticated, the ZyWALL tries to get the user type (see 
) from the external server. If the external server does not have the 
information, the ZyWALL sets the user type for this session to User.
For the rest of the user attributes, such as reauthentication time, the ZyWALL checks the 
following places, in order.
1. User account in the remote server.
2. User account (Ext-User) in the ZyWALL.
3. Default user account for LDAP users (ldap-users) or RADIUS users (radius-users) in the ZyWALL.
See 
 for a list of attributes and how to set up the attributes in an 
external server.
34.1.2.1  Setting up User Attributes in an External Server
To set up user attributes, such as reauthentication time, in LDAP or RADIUS servers, use the 
following keywords in the user configuration file. 
The following examples show you how you might set up user attributes in LDAP and 
RADIUS servers.
Table 156   LDAP/RADIUS: Keywords for User Attributes

| KEYWORD | CORRESPONDING ATTRIBUTE IN WEB CONFIGURATOR |
|---|---|
| type | User Type. Possible Values: admin, limited-admin, user, guest. |
| leaseTime | Lease Time. Possible Values: 1-1440 (minutes). |
| reauthTime | Reauthentication Time. Possible Values: 1-1440 (minutes). |
Figure 369   LDAP Example: Keywords for User Attributes
type: admin
leaseTime: 99
reauthTime: 199
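
The lookup order from section 34.1.2 combined with the value ranges in Table 156, as an added Python example for auditing directory entries before they grant a user type such as admin. It is not ZyXEL code: the function names are hypothetical, and rejecting unknown or out-of-range keywords is this example's assumption, not documented ZyWALL behaviour.

```python
# Added example: models the lookup order described in section 34.1.2.
# Not ZyWALL firmware code; function and variable names are hypothetical.
USER_TYPES = {"admin", "limited-admin", "user", "guest"}   # Table 156
TIMERS = ("leaseTime", "reauthTime")                       # 1-1440 minutes


def parse_keywords(text):
    """Parse 'keyword: value' lines and validate them against Table 156."""
    attrs = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep:
            raise ValueError(f"not a 'keyword: value' line: {line!r}")
        # Assumption: keywords must be spelled exactly as in Table 156.
        if key == "type":
            if value not in USER_TYPES:
                raise ValueError(f"invalid user type: {value!r}")
            attrs[key] = value
        elif key in TIMERS:
            if not value.isdigit() or not 1 <= int(value) <= 1440:
                raise ValueError(f"{key} must be 1-1440 minutes, got {value!r}")
            attrs[key] = int(value)
        else:
            raise ValueError(f"unknown keyword: {key!r}")
    return attrs


def effective_attributes(remote, ext_user, default_account):
    """Resolve session attributes; ext_user may be None (no Ext-User account)."""
    # User type comes only from the external server; otherwise it is "user".
    result = {"type": remote.get("type", "user")}
    # Remaining attributes: the first source that defines the value wins.
    for key in TIMERS:
        for source in (remote, ext_user or {}, default_account):
            if key in source:
                result[key] = source[key]
                break
    return result


# Constructed sample: the LDAP entry from Figure 369 without reauthTime.
remote = parse_keywords("type: admin\nleaseTime: 99")
print(effective_attributes(remote, {"reauthTime": 30},
                           {"leaseTime": 1440, "reauthTime": 1440}))
```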