Chapter 40 User/Group

Table 183 Types of User Accounts (continued)

| TYPE | ABILITIES | LOGIN METHOD(S) |
| --- | --- | --- |
| limited-admin | Look at ZyWALL configuration (web, CLI); Perform basic diagnostics (CLI) | WWW, TELNET, SSH, Console, Dial-in |
| Access Users | | |
| user | Access network services; Browse user-mode commands (CLI) | WWW, TELNET, SSH |
| guest | Access network services | WWW |
| ext-user | External user account | WWW |
| ext-group-user | External group user account | WWW |

Note: The default admin account is always authenticated locally, regardless of the authentication method setting. (See Chapter 44 on page 723 for more information about authentication methods.)

Ext-User Accounts

Set up an ext-user account if the user is authenticated by an external server and you want to set up specific policies for this user in the ZyWALL. If you do not want to set up policies for this user, you do not have to set up an ext-user account.

All ext-user users should be authenticated by an external server, such as AD, LDAP or RADIUS. If the ZyWALL tries to use the local database to authenticate an ext-user, the authentication attempt always fails. (This is related to AAA servers and authentication methods, which are discussed in Chapter 44 on page 723 and Chapter 45 on page 733, respectively.)

Note: If the ZyWALL tries to authenticate an ext-user using the local database, the attempt always fails.

Once an ext-user user has been authenticated, the ZyWALL tries to get the user type (see Table 183 on page 689) from the external server. If the external server does not have the information, the ZyWALL sets the user type for this session to User.

For the rest of the user attributes, such as reauthentication time, the ZyWALL checks the following places, in order.

1. User account in the remote server.

2. User account (Ext-User) in the ZyWALL.

3. Default user account for AD users (ad-users), LDAP users (ldap-users) or RADIUS users (radius-users) in the ZyWALL.
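
The resolution order above, modelled in Python as an added example for reviewing which setting takes effect for a session (this is not ZyWALL or vendor code). The function name, the dict layout, and the attribute keys `type`, `reauth_time` and `lease_time` are assumptions made for the illustration.

```python
# Model of the ext-user resolution described above. Not ZyWALL code: the
# function, dict layout and attribute keys are assumptions for illustration.
DEFAULT_ACCOUNTS = {"ad": "ad-users", "ldap": "ldap-users", "radius": "radius-users"}


class AuthenticationFailed(Exception):
    """Raised when an ext-user is checked against the local database."""


def resolve_ext_user(username, method, remote, local_accounts, wanted):
    """Return (user_type, {attr: (value, source)}) for one ext-user session."""
    if method == "local":
        # An ext-user checked against the local database always fails.
        raise AuthenticationFailed(f"{username}: ext-user cannot use the local database")
    if method not in DEFAULT_ACCOUNTS:
        raise ValueError(f"unknown authentication method {method!r}")

    # The user type comes from the external server; if absent, the session is "user".
    user_type = remote.get("type", "user")

    # Other attributes: remote server first, then the Ext-User account on the
    # device, then the default account for that kind of external server.
    default_name = DEFAULT_ACCOUNTS[method]
    chain = [
        ("remote server", remote),
        (f"ext-user account {username}", local_accounts.get(username, {})),
        (f"default account {default_name}", local_accounts.get(default_name, {})),
    ]
    resolved = {}
    for attr in wanted:
        for source, record in chain:
            if attr in record:
                resolved[attr] = (record[attr], source)
                break
        else:
            resolved[attr] = (None, "unset")
    return user_type, resolved


# Constructed sample accounts on the device (values are illustrative, in minutes).
LOCAL = {
    "alice": {"reauth_time": 30},
    "ldap-users": {"reauth_time": 1440, "lease_time": 1440},
}
```

Recording the source next to each value shows when a per-user policy is silently overridden by the external server or falls through to the shared default account.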


ZyWALL USG 2000 User’s Guide