ZyXEL Communications Security Camera 3.1 User's Manual

Chapter 31 Authentication Objects
ZyWALL (ZLD) CLI Reference Guide
Table 153   aaa authentication Commands (continued)

COMMAND
    [no] aaa authentication profile-name member1 [member2] [member3] [member4]
DESCRIPTION
    Sets the profile to use the authentication method(s) in the order specified.
    member = group ad, group ldap, group radius, or local.
    Note: You must specify at least one member for each profile. Each type of member can only be used once in a profile.
    The no command clears the specified authentication method(s) for the profile.

COMMAND
    aaa authentication [no] match-default-group
DESCRIPTION
    Enable this to treat a user successfully authenticated by a remote auth server as a default-ext-user. If the remote authentication server is LDAP, the default-ext-user account is an ldap-user. If the remote authentication server is AD, the default-ext-user account is an ad-user. If the remote authentication server is RADIUS, the default-ext-user account is a radius-user.

31.2.1  aaa authentication Command Example
The following example creates an authentication profile to authenticate users using the LDAP server group and then the local user database.

Router# configure terminal
Router(config)# aaa authentication LDAPuser group ldap local
Router(config)# show aaa authentication LDAPuser
No.  Method
===========================================================================
0    ldap
1    local
Router(config)#

31.3  test aaa Command
The following table lists the test aaa command you use to test a user account on an authentication server.

Table 154   test aaa Command

COMMAND
    test aaa {server|secure-server} {ad|ldap} host {hostname|ipv4-address}
        [host {hostname|ipv4-address}] port <1..65535> base-dn base-dn-string
        [bind-dn bind-dn-string password password] login-name-attribute attribute
        [alternative-login-name-attribute attribute] account account-name
DESCRIPTION
    Tests whether a user account exists on the specified authentication server.

31.3.1  Test a User Account Command Example
The following example shows how to test whether a user account named userABC exists on the AD authentication server which uses the following settings:
• IP address: 172.16.50.1
• Port: 389
• Base-dn: DC=ZyXEL,DC=com
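
When test aaa is issued from a script rather than typed, the arguments should be checked against the Table 154 syntax first, because a value containing a space or line break would be read by the CLI as extra keywords or a second command. The following Python sketch is an added example, not code from the ZyXEL guide; the function name build_test_aaa, the rule that rejects whitespace, and the attribute value sAMAccountName are assumptions of this example.

```python
import re

# Token rule is an assumption of this example: the page does not describe CLI
# quoting, so values with whitespace or control characters are rejected.
_TOKEN = re.compile(r"[^\s\x00-\x1f\x7f]+")


def _tok(name, value):
    if not isinstance(value, str) or not _TOKEN.fullmatch(value):
        raise ValueError(f"{name}: empty or contains whitespace/control characters")
    return value


def build_test_aaa(transport, server_type, hosts, port, base_dn,
                   login_name_attribute, account,
                   bind_dn=None, password=None, alt_login_name_attribute=None):
    """Return one `test aaa` command line following the Table 154 syntax."""
    if transport not in ("server", "secure-server"):
        raise ValueError("transport must be server or secure-server")
    if server_type not in ("ad", "ldap"):
        raise ValueError("server type must be ad or ldap")
    if not isinstance(hosts, (list, tuple)) or not 1 <= len(hosts) <= 2:
        raise ValueError("one host is required, a second is optional")
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError("port must be an integer in 1..65535")
    if (bind_dn is None) != (password is None):
        raise ValueError("bind-dn and password must be given together")

    parts = ["test", "aaa", transport, server_type]
    for h in hosts:
        parts += ["host", _tok("host", h)]
    parts += ["port", str(port), "base-dn", _tok("base-dn", base_dn)]
    if bind_dn is not None:
        parts += ["bind-dn", _tok("bind-dn", bind_dn),
                  "password", _tok("password", password)]
    parts += ["login-name-attribute",
              _tok("login-name-attribute", login_name_attribute)]
    if alt_login_name_attribute is not None:
        parts += ["alternative-login-name-attribute",
                  _tok("alternative-login-name-attribute", alt_login_name_attribute)]
    parts += ["account", _tok("account", account)]
    return " ".join(parts)


if __name__ == "__main__":
    # Settings from section 31.3.1; sAMAccountName is an assumed attribute value.
    print(build_test_aaa("server", "ad", ["172.16.50.1"], 389,
                         "DC=ZyXEL,DC=com", "sAMAccountName", "userABC"))
```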