ZyWALL USG 50 User’s Guide
Chapter 39 AAA Server
39.1 Overview
You can use an AAA (Authentication, Authorization, Accounting) server to provide access control to your network. The AAA server can be an Active Directory, LDAP, or RADIUS server. Use the AAA Server screens to create and manage objects that contain settings for using AAA servers. You use AAA server objects in configuring ext-group-user user objects and authentication method objects (see Chapter 40 on page 627).
39.1.1 Directory Service (AD/LDAP)
LDAP/AD allows a client (the ZyWALL) to connect to a server to retrieve information from a directory. A network example is shown next.
Figure 354 Example: Directory Service Client and Server
The following describes the user authentication procedure via an LDAP/AD server.
1 A user logs in with a user name and password pair.
2 The ZyWALL tries to bind (or log in) to the LDAP/AD server.
3 When the binding process is successful, the ZyWALL checks the user information in the directory against the user name and password pair.
4 If it matches, the user is allowed access. Otherwise, access is blocked.
39.1.2 RADIUS Server
RADIUS (Remote Authentication Dial-In User Service) authentication is a popular protocol used to authenticate users by means of an external server instead of (or in addition to) an internal device user database that is limited to the memory capacity of the device. In essence, RADIUS authentication allows you to validate a large number of users from a central location.
Figure 355 RADIUS Server Network Example
39.1.3 ASAS
ASAS (Authenex Strong Authentication System) is a RADIUS server that works with the One-Time Password (OTP) feature. Purchase a ZyWALL OTP package in order to use this feature. The package contains server software and physical OTP tokens (PIN generators). Do the following to use OTP. See the documentation included on the ASAS’ CD for details.
1 Install the ASAS server software on a computer.
2 Create user accounts on the ZyWALL and in the ASAS server.
3 Import each token’s database file (located on the included CD) into the server.
4 Assign users to OTP tokens (on the ASAS server).
5 Configure the ASAS as a RADIUS server in the ZyWALL’s Configuration > Object > AAA Server screens.
6 Give the OTP tokens to (local or remote) users.
39.1.4 What You Can Do in this Chapter
• Use the Configuration > Object > AAA Server > Active Directory (or LDAP) screens (Section 39.2 on page 621) to configure Active Directory or LDAP server objects.
• Use the Configuration > Object > AAA Server > RADIUS screen (Section 39.3 on page 623) to configure the default external RADIUS server to use for user authentication.
39.1.5 What You Need To Know
AAA Servers Supported by the ZyWALL
The following lists the types of authentication server the ZyWALL supports.
• Local user database
The ZyWALL uses the built-in local user database to authenticate administrative users logging into the ZyWALL’s Web Configurator or network access users logging into the network through the ZyWALL. You can also use the local user database to authenticate VPN users.
• Directory Service (LDAP/AD)
LDAP (Lightweight Directory Access Protocol)/AD (Active Directory) is a directory service that is both a directory and a protocol for controlling access to a network. The directory consists of a database specialized for fast information retrieval and filtering activities. You create and store user profile and login information on the external server.
• RADIUS
RADIUS (Remote Authentication Dial-In User Service) authentication is a popular protocol used to authenticate users by means of an external or built-in RADIUS server. RADIUS authentication allows you to validate a large number of users from a central location.
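The RADIUS item above and Section 39.1.2 describe the protocol only in outline; as an added example (not code from the manual or from ZyXEL), the Python below builds an Access-Request the way a NAS such as the ZyWALL would and validates the server's reply, showing that the shared secret both hides the User-Password and authenticates the response (RFC 2865). The secret, user name, password and NAS address are constructed values.

```python
import hashlib
import struct

# Constructed values (not from the manual): the NAS (the ZyWALL) and the RADIUS server share this secret out of band.
SHARED_SECRET = b"example-shared-secret"
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP_ADDRESS = 1, 2, 4

def hide_password(secret, authenticator, password):
    """RFC 2865 5.2: pad to 16-octet blocks, XOR each with MD5(secret + previous block), seeded by the Request Authenticator."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = bytes(p ^ b for p, b in zip(padded[i:i + 16], hashlib.md5(secret + prev).digest()))
        hidden, prev = hidden + block, block
    return hidden

def unhide_password(secret, authenticator, hidden):
    """Server side: the same keystream chain, keyed on the received ciphertext blocks."""
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear, prev = clear + bytes(c ^ b for c, b in zip(block, hashlib.md5(secret + prev).digest())), block
    return clear.rstrip(b"\x00")                      # strip the zero padding

def attribute(attr_type, value):
    return bytes([attr_type, 2 + len(value)]) + value  # Type, Length (incl. 2 header octets), Value

def build_access_request(identifier, authenticator, secret, user_name, password, nas_ip=b"\xc0\xa8\x01\x01"):
    """Code 1 | Identifier | Length | 16-octet Request Authenticator (random in practice) | attributes."""
    attrs = (attribute(ATTR_USER_NAME, user_name)
             + attribute(ATTR_USER_PASSWORD, hide_password(secret, authenticator, password))
             + attribute(ATTR_NAS_IP_ADDRESS, nas_ip))
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + authenticator + attrs

def response_authenticator(code, identifier, request_authenticator, attrs, secret):
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    return hashlib.md5(header + request_authenticator + attrs + secret).digest()

def verify_response(packet, request_authenticator, secret):
    """The NAS accepts a reply only if its authenticator was computed with the shared secret for this request."""
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or length < 20:
        return False
    expected = response_authenticator(code, identifier, request_authenticator, packet[20:length], secret)
    return packet[4:20] == expected
```

Because the whole exchange rests on this MD5 keystream and the secret alone, treat the shared secret as a credential: make it long and random and keep RADIUS traffic on a management network.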
Directory Structure
The directory entries are arranged in a hierarchical order much like a tree structure. Normally, the directory structure reflects the geographical or organizational boundaries. The following figure shows a basic directory structure branching from countries to organizations to organizational units to individuals.
Figure 356 Basic Directory Structure
Distinguished Name (DN)
A DN uniquely identifies an entry in a directory. A DN consists of attribute-value pairs separated by commas. The leftmost attribute is the Relative Distinguished Name (RDN). This provides a unique name for entries that have the same “parent DN” (“cn=domain1.com, ou=Sales, o=MyCompany” in the following examples).
cn=domain1.com, ou = Sales, o=MyCompany, c=US
cn=domain1.com, ou = Sales, o=MyCompany, c=JP
Base DN
A base DN specifies a directory. A base DN usually contains information such as the name of an organization, a domain name and/or country. For example, o=MyCompany, c=UK where o means organization and c means country.
Bind DN
A bind DN is used to authenticate with an LDAP/AD server. For example, a bind DN of cn=zywallAdmin allows the ZyWALL to log into the LDAP/AD server using the user name of zywallAdmin. The bind DN is used in conjunction with a bind password. When a bind DN is not specified, the ZyWALL will try to log in as an anonymous user. If the bind password is incorrect, the login will fail.
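To make the DN terms just defined and the four-step procedure of Section 39.1.1 concrete, here is an added Python sketch (not ZyXEL's code) that normalizes DNs, splits an RDN from the rest of its DN, escapes the typed user name before it enters the search filter, and runs the bind, search and verify sequence against a constructed in-memory directory. The user names, passwords, the uid attribute and the second bind as the found user are assumptions, and the dictionary stands in for the external LDAP/AD server.

```python
import re

# Constructed in-memory directory standing in for the external LDAP/AD server (sample data, not from the manual).
DIRECTORY = {
    "cn=zywallAdmin,o=MyCompany,c=UK": {"userPassword": "bind-secret"},
    "cn=alice,ou=Sales,o=MyCompany,c=UK": {"userPassword": "alice-pw", "uid": "alice"},
}
BASE_DN = "o=MyCompany, c=UK"                  # the directory the ZyWALL searches for users
BIND_DN = "cn=zywallAdmin, o=MyCompany, c=UK"  # the account the ZyWALL binds with (assumed name)

def normalize_dn(dn):
    """Drop the spaces around ',' and '=' so 'ou = Sales' and 'ou=Sales' compare equal."""
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip()}")
    return ",".join(parts)

def split_dn(dn):
    """Return (RDN, parent DN): the leftmost attribute-value pair and everything to its right."""
    rdn, _, parent = normalize_dn(dn).partition(",")
    return rdn, parent

def escape_filter(value):
    """RFC 4515 escaping so a typed user name is matched literally inside the search filter."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)

def ldap_bind(dn, password):
    """Simple bind: succeeds only if the entry exists and the password matches."""
    entry = DIRECTORY.get(normalize_dn(dn))
    return entry is not None and entry.get("userPassword") == password

def ldap_search(base_dn, search_filter):
    """Equality search '(attr=value)' over entries at or below the base DN."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", search_filter)
    if not m:
        return []
    value = re.sub(r"\\([0-9a-f]{2})", lambda h: chr(int(h.group(1), 16)), m.group(2))
    base = normalize_dn(base_dn)
    return [dn for dn, e in DIRECTORY.items()
            if (dn == base or dn.endswith("," + base)) and e.get(m.group(1)) == value]

def authenticate(user_name, password, bind_dn=BIND_DN, bind_password="bind-secret"):
    """Steps 1-4: bind as the ZyWALL, find the user under the base DN, then check the user's password."""
    if bind_dn and not ldap_bind(bind_dn, bind_password):  # empty bind DN: anonymous bind
        return False
    matches = ldap_search(BASE_DN, f"(uid={escape_filter(user_name)})")
    if len(matches) != 1:                                   # unknown or ambiguous user: block access
        return False
    return ldap_bind(matches[0], password)                  # bind as the user to verify the password
```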
Finding Out More
See Section 7.5.3 on page 124 for an example of how to set up user authentication using a RADIUS server.
[Figure 356 diagram: Root branches into Countries (US, Japan), then Organizations (Sprint, UPS, NEC), then Organization Units (Sales, RD3, QA, CSO, Sales, RD), with Unique Common Name (cn) entries at the leaves]