Chapter 39 AAA Server

 

Table 191 Configuration > Object > AAA Server > Active Directory (or LDAP) > Add

| LABEL | DESCRIPTION |
| --- | --- |
| Base DN | Specify the directory (up to 127 alphanumerical characters). For example, o=ZyXEL, c=US. |
| Use SSL | Select Use SSL to establish a secure connection to the AD or LDAP server(s). |
| Search time limit | Specify the timeout period (between 1 and 300 seconds) before the ZyWALL disconnects from the AD or LDAP server. In this case, user authentication fails. Search timeout occurs when either the user information is not in the AD or LDAP server(s) or the AD or LDAP server(s) is down. |
| Bind DN | Specify the bind DN for logging into the AD or LDAP server. Enter up to 127 alphanumerical characters. For example, cn=zywallAdmin specifies zywallAdmin as the user name. |
| Password | If required, enter the password (up to 15 alphanumerical characters) for the ZyWALL to bind (or log in) to the AD or LDAP server. |
| Base DN | Specify the directory (up to 127 alphanumerical characters). For example, o=ZyXEL, c=US. |
| Login Name Attribute | Enter the type of identifier the users are to use to log in. For example “name” or “e-mail address”. |
| Alternative Login Name Attribute | If there is a second type of identifier that the users can use to log in, enter it here. For example “name” or “e-mail address”. |
| Group Membership Attribute | An AD or LDAP server defines attributes for its accounts. Enter the name of the attribute that the ZyWALL is to check to determine to which group a user belongs. The value for this attribute is called a group identifier; it determines to which group a user belongs. You can add ext-group-user user objects to identify groups based on these group identifier values. For example, you could have an attribute named “memberOf” with values like “sales”, “RD”, and “management”. Then you could also create an ext-group-user user object for each group: one with “sales” as the group identifier, another for “RD” and a third for “management”. |
| Configuration Validation | Use a user account from the server specified above to test if the configuration is correct. Enter the account’s user name in the Username field and click Test. |
| OK | Click OK to save the changes. |
| Cancel | Click Cancel to discard the changes. |
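The following is an added illustration, not code from the ZyWALL or from ZyXEL: a small Python model of the lookup that the Login Name Attribute, Alternative Login Name Attribute and Group Membership Attribute fields describe. The attribute names, the ext-group-user object names, the directory entries and the OR form of the search filter are all assumptions made for the example.

```python
# Constructed settings mirroring the table's fields (attribute names are assumptions).
LOGIN_ATTR = "name"
ALT_LOGIN_ATTR = "mail"
GROUP_ATTR = "memberOf"
# Hypothetical ext-group-user objects: object name -> group identifier.
EXT_GROUP_USERS = {"grp-sales": "sales", "grp-rd": "RD", "grp-mgmt": "management"}

# Constructed entries standing in for the AD or LDAP server.
DIRECTORY = [
    {"name": ["alice"], "mail": ["alice@example.com"],
     "memberOf": ["sales", "management"]},
    {"name": ["bob"], "mail": ["bob@example.com"], "memberOf": ["RD"]},
]

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name cannot alter the filter."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)

def build_user_filter(username, login_attr=LOGIN_ATTR, alt_attr=ALT_LOGIN_ATTR):
    """Search filter matching the login name against one or both attributes."""
    value = escape_filter_value(username)
    if alt_attr:
        return "(|(%s=%s)(%s=%s))" % (login_attr, value, alt_attr, value)
    return "(%s=%s)" % (login_attr, value)

def find_user(username):
    """Exact-match lookup over the constructed entries.

    Simplification: real directory matching is usually case-insensitive.
    """
    for entry in DIRECTORY:
        for attr in (LOGIN_ATTR, ALT_LOGIN_ATTR):
            if username in entry.get(attr, []):
                return entry
    return None

def groups_for(username):
    """Names of ext-group-user objects whose identifier is in the group attribute."""
    entry = find_user(username)
    if entry is None:
        return None  # unknown user: authentication fails
    values = set(entry.get(GROUP_ATTR, []))
    return sorted(n for n, ident in EXT_GROUP_USERS.items() if ident in values)

if __name__ == "__main__":
    print(build_user_filter("alice"))
    print(groups_for("alice"), groups_for("bob@example.com"), groups_for("*"))
```

A user whose group attribute holds several identifiers maps to several ext-group-user objects, and a login name made of filter metacharacters is escaped rather than treated as a wildcard.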

 

 

 

39.3 RADIUS Server Summary

Use the RADIUS screen to manage the list of RADIUS servers the ZyWALL can use in authenticating users.

 


ZyWALL USG 50 User’s Guide