Chapter 39 AAA Server
ZyWALL USG 50 User’s Guide
See Section 7.6 on page 131 for an example of how to use a RADIUS server to authenticate user accounts based on groups.
39.2 Active Directory or LDAP Server Summary

Use the Active Directory or LDAP screen to manage the list of AD or LDAP servers the ZyWALL can use in authenticating users.

Click Configuration > Object > AAA Server > Active Directory (or LDAP) to display the Active Directory (or LDAP) screen.

Figure 357   Configuration > Object > AAA Server > Active Directory (or LDAP)

The following table describes the labels in this screen.
Table 190   Configuration > Object > AAA Server > Active Directory (or LDAP)

LABEL                     DESCRIPTION
Add                       Click this to create a new entry.
Edit                      Double-click an entry or select it and click Edit to open a
                          screen where you can modify the entry’s settings.
Remove                    To remove an entry, select it and click Remove. The ZyWALL
                          confirms you want to remove it before doing so.
Object References         Select an entry and click Object References to open a screen
                          that shows which settings use the entry. See Section 11.3.2 on
                          page 230 for an example.
#                         This field displays the index number.
Server Address            This is the address of the AD or LDAP server.
Base DN                   This specifies a directory. For example, o=ZyXEL, c=US.

39.2.1 Adding an Active Directory or LDAP Server

Click Object > AAA Server > Active Directory (or LDAP) to display the Active Directory (or LDAP) screen. Click the Add icon or an Edit icon to display the following screen. Use this screen to create a new AD or LDAP entry or edit an existing one.
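Added example, not from the guide or the ZyWALL firmware: a Python model of how the Add screen's fields (described in Table 191 below) combine when a user logs in. The device binds with Bind DN and Password, searches under Base DN for an entry whose Login Name Attribute (or Alternative Login Name Attribute) equals the login, then reads the Group Membership Attribute and maps its values to ext-group-user objects; the in-memory directory, the DN normalisation rule and the rule that the first listed ext-group-user with a matching group identifier wins are assumptions of this example.

```python
from collections import namedtuple

# Login-related fields of the Add screen (Table 191); the other fields are omitted here.
AdLdapServer = namedtuple("AdLdapServer", "base_dn bind_dn bind_password "
                          "login_name_attribute alt_login_name_attribute group_membership_attribute")

def norm_dn(dn: str) -> str:
    """Assumed DN comparison rule for this model: case-insensitive, spaces after commas ignored."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def bind(directory: dict, dn: str, password: str) -> bool:
    """The simple bind the ZyWALL performs with Bind DN + Password before it searches."""
    entry = directory.get(norm_dn(dn))
    return entry is not None and entry.get("userPassword") == [password]

def find_user(directory: dict, cfg: AdLdapServer, login: str):
    """Search scoped to Base DN for the entry whose login (or alternative) attribute holds login."""
    base = norm_dn(cfg.base_dn)
    for dn, entry in directory.items():
        if not (dn == base or dn.endswith("," + base)):     # outside Base DN: never searched
            continue
        attributes = (cfg.login_name_attribute, cfg.alt_login_name_attribute)
        if any(a and login in entry.get(a, []) for a in attributes):
            return entry
    return None

def resolve_group(directory: dict, cfg: AdLdapServer, login: str, ext_group_users: list):
    """Name of the matching ext-group-user object, or None when the bind fails, the user is not
    found (the guide's search-timeout case) or no group identifier matches."""
    if not bind(directory, cfg.bind_dn, cfg.bind_password):
        return None
    entry = find_user(directory, cfg, login)
    if entry is None:
        return None
    identifiers = entry.get(cfg.group_membership_attribute, [])
    for name, group_id in ext_group_users:     # assumed: first listed match wins
        if group_id in identifiers:
            return name
    return None

# Constructed sample directory (normalised DN -> {attribute: [values]}) mirroring the guide's
# memberOf example with the identifiers "sales", "RD" and "management".
DIRECTORY = {
    norm_dn("cn=zywallAdmin,o=ZyXEL,c=US"): {"userPassword": ["bind-secret"]},
    norm_dn("uid=alice,ou=people,o=ZyXEL,c=US"): {"uid": ["alice"], "mail": ["alice@example.com"], "memberOf": ["RD", "sales"]},
    norm_dn("uid=bob,ou=people,o=ZyXEL,c=US"): {"uid": ["bob"], "memberOf": ["management"]},
    norm_dn("uid=carol,o=Other,c=US"): {"uid": ["carol"], "memberOf": ["sales"]},   # outside Base DN
}
CFG = AdLdapServer("o=ZyXEL, c=US", "cn=zywallAdmin,o=ZyXEL,c=US", "bind-secret", "uid", "mail", "memberOf")
EXT_GROUP_USERS = [("sales-users", "sales"), ("rd-users", "RD"), ("mgmt-users", "management")]
```

Calling resolve_group(DIRECTORY, CFG, "alice", EXT_GROUP_USERS) returns "sales-users", while "carol" returns None because her entry sits outside the configured Base DN even though her memberOf value would match.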
Figure 358   Configuration > Object > AAA Server > Active Directory (or LDAP) > Add

The following table describes the labels in this screen.

Table 191   Configuration > Object > AAA Server > Active Directory (or LDAP) > Add

LABEL                     DESCRIPTION
Name                      Enter a descriptive name (up to 63 alphanumerical characters)
                          for identification purposes.
Description               Enter the description of each server, if any. You can use up
                          to 60 printable ASCII characters.
Server Address            Enter the address of the AD or LDAP server.
Backup Server Address     If the AD or LDAP server has a backup server, enter its
                          address here.
Port                      Specify the port number on the AD or LDAP server to which the
                          ZyWALL sends authentication requests. Enter a number between 1
                          and 65535. This port number should be the same on all AD or
                          LDAP server(s) in this group.
Base DN                   Specify the directory (up to 127 alphanumerical characters).
                          For example, o=ZyXEL, c=US.
Use SSL                   Select Use SSL to establish a secure connection to the AD or
                          LDAP server(s).
Search time limit         Specify the timeout period (between 1 and 300 seconds) before
                          the ZyWALL disconnects from the AD or LDAP server. In this
                          case, user authentication fails.
                          Search timeout occurs when either the user information is not
                          in the AD or LDAP server(s) or the AD or LDAP server(s) is
                          down.
Bind DN                   Specify the bind DN for logging into the AD or LDAP server.
                          Enter up to 127 alphanumerical characters. For example,
                          cn=zywallAdmin specifies zywallAdmin as the user name.
Password                  If required, enter the password (up to 15 alphanumerical
                          characters) for the ZyWALL to bind (or log in) to the AD or
                          LDAP server.
Login Name Attribute      Enter the type of identifier the users are to use to log in.
                          For example “name” or “e-mail address”.
Alternative Login Name    If there is a second type of identifier that the users can use
Attribute                 to log in, enter it here. For example “name” or “e-mail
                          address”.
Group Membership          An AD or LDAP server defines attributes for its accounts. Enter
Attribute                 the name of the attribute that the ZyWALL is to check to
                          determine to which group a user belongs. The value for this
                          attribute is called a group identifier; it determines to which
                          group a user belongs.
                          You can add ext-group-user user objects to identify groups
                          based on these group identifier values.
                          For example, you could have an attribute named “memberOf” with
                          values like “sales”, “RD”, and “management”. Then you could
                          also create an ext-group-user user object for each group: one
                          with “sales” as the group identifier, another for “RD” and a
                          third for “management”.
Configuration Validation  Use a user account from the server specified above to test if
                          the configuration is correct. Enter the account’s user name in
                          the Username field and click Test.
OK                        Click OK to save the changes.
Cancel                    Click Cancel to discard the changes.

39.3 RADIUS Server Summary

Use the RADIUS screen to manage the list of RADIUS servers the ZyWALL can use in authenticating users.
Click Configuration > Object > AAA Server > RADIUS to display the RADIUS screen.
Figure 359   Configuration > Object > AAA Server > RADIUS

The following table describes the labels in this screen.

Table 192   Configuration > Object > AAA Server > RADIUS

LABEL                     DESCRIPTION
Add                       Click this to create a new entry.
Edit                      Double-click an entry or select it and click Edit to open a
                          screen where you can modify the entry’s settings.
Remove                    To remove an entry, select it and click Remove. The ZyWALL
                          confirms you want to remove it before doing so.
Object References         Select an entry and click Object References to open a screen
                          that shows which settings use the entry. See Section 11.3.2 on
                          page 230 for an example.
#                         This field displays the index number.
Name                      This is the name of the RADIUS server entry.
Server Address            This is the address of the AD or LDAP server.
Base DN                   This specifies a directory. For example, o=ZyXEL, c=US.
Host                      Enter the IP address (in dotted decimal notation) or the domain
                          name (up to 63 alphanumeric characters) of a RADIUS server.
Authentication Port       The default port of the RADIUS server for authentication is
                          1812. You need not change this value unless your network
                          administrator instructs you to do so with additional
                          information.
Key                       Enter a password (up to 15 alphanumeric characters) as the key
                          to be shared between the external authentication server and
                          the ZyWALL. The key is not sent over the network. This key
                          must be the same on the external authentication server and the
                          ZyWALL.
Timeout                   Specify the timeout period (between 1 and 300 seconds) before
                          the ZyWALL disconnects from the RADIUS server. In this case,
                          user authentication fails.
                          Search timeout occurs when either the user information is not
                          in the RADIUS server or the RADIUS server is down.
Apply                     Click Apply to save the changes.
Reset                     Click Reset to return the screen to its last-saved settings.
39.3.1 Adding a RADIUS Server

Click Configuration > Object > AAA Server > RADIUS to display the RADIUS screen. Click the Add icon or an Edit icon to display the following screen. Use this screen to create a new AD or LDAP entry or edit an existing one.

Figure 360   Configuration > Object > AAA Server > RADIUS > Add

The following table describes the labels in this screen.

Table 193   Configuration > Object > AAA Server > RADIUS > Add

LABEL                     DESCRIPTION
Name                      Enter a descriptive name (up to 63 alphanumerical characters)
                          for identification purposes.
Description               Enter the description of each server, if any. You can use up
                          to 60 printable ASCII characters.
Server Address            Enter the address of the RADIUS server.
Authentication Port       Specify the port number on the RADIUS server to which the
                          ZyWALL sends authentication requests. Enter a number between 1
                          and 65535.
Backup Server Address     If the RADIUS server has a backup server, enter its address
                          here.
Backup Authentication     Specify the port number on the RADIUS server to which the
Port                      ZyWALL sends authentication requests. Enter a number between 1
                          and 65535.
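Added example, not from the guide or ZyXEL: a Python model of the RADIUS exchange (RFC 2865) that the Key and Authentication Port fields of Tables 192 and 193 configure, showing why the Key "is not sent over the network": the client hides User-Password with MD5 digests derived from the Key, and the server proves it holds the same Key through the Response Authenticator. The shared key, account and the fixed Request Authenticator used in the checks are constructed values; a real client draws a fresh random Request Authenticator for every request.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # RFC 2865 attribute types

def _xor_chain(data: bytes, key: bytes, req_auth: bytes, decrypt: bool) -> bytes:
    """RFC 2865 s5.2: each 16-byte block is XORed with MD5(Key + previous ciphertext block)."""
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        result = bytes(a ^ b for a, b in zip(block, hashlib.md5(key + prev).digest()))
        out += result
        prev = block if decrypt else result     # always chain on the ciphertext block
    return out

def hide_password(password: bytes, key: bytes, req_auth: bytes) -> bytes:
    return _xor_chain(password + b"\x00" * (-len(password) % 16), key, req_auth, False)

def unhide_password(hidden: bytes, key: bytes, req_auth: bytes) -> bytes:
    return _xor_chain(hidden, key, req_auth, True).rstrip(b"\x00")

def _attr(kind: int, value: bytes) -> bytes:
    return struct.pack("!BB", kind, len(value) + 2) + value

def _packet(code: int, ident: int, authenticator: bytes, attrs: bytes) -> bytes:
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs

def _response_auth(code: int, ident: int, attrs: bytes, req_auth: bytes, key: bytes) -> bytes:
    """RFC 2865 s3: MD5(Code + ID + Length + RequestAuth + Attributes + Key)."""
    return hashlib.md5(struct.pack("!BBH", code, ident, 20 + len(attrs)) + req_auth + attrs + key).digest()

def build_access_request(ident: int, user: bytes, password: bytes, key: bytes, req_auth: bytes) -> bytes:
    """Client (ZyWALL) side: the Key only shapes the hidden password; it is not an attribute."""
    attrs = _attr(USER_NAME, user) + _attr(USER_PASSWORD, hide_password(password, key, req_auth))
    return _packet(ACCESS_REQUEST, ident, req_auth, attrs)

def server_reply(request: bytes, key: bytes, accounts: dict) -> bytes:
    """Server side: recover the password with its own copy of the Key, then Accept or Reject."""
    ident, length, req_auth, attrs, pos = request[1], struct.unpack("!H", request[2:4])[0], request[4:20], {}, 20
    while pos < length:
        attrs[request[pos]] = request[pos + 2:pos + request[pos + 1]]
        pos += request[pos + 1]
    expected = accounts.get(attrs.get(USER_NAME, b""), b"\x00")
    ok = hmac.compare_digest(expected, unhide_password(attrs.get(USER_PASSWORD, b""), key, req_auth))
    code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    return _packet(code, ident, _response_auth(code, ident, b"", req_auth, key), b"")

def client_check(reply: bytes, req_auth: bytes, key: bytes):
    """Client side: trust the answer only if its Response Authenticator verifies under the same Key."""
    code, ident, length = struct.unpack("!BBH", reply[:4])
    expected = _response_auth(code, ident, reply[20:length], req_auth, key)
    return code if hmac.compare_digest(reply[4:20], expected) else None
```

client_check returns 2 (Access-Accept), 3 (Access-Reject) or None when the two sides hold different Keys, which is the mismatch the Key description warns about.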