ZyXEL Communications USG 2000 manual 691

Chapter 40 User/Group

See Setting up User Attributes in an External Server on page 703 for a list of attributes and how to set up the attributes in an external server.

Ext-Group-User Accounts

Ext-Group-Useraccounts work are similar to ext-user accounts but allow you to group users by the value of the group membership attribute configured for the AD or LDAP server. See Section 44.2.1 on page 727 for more on the group membership attribute.

User Groups

User groups may consist of user accounts or other user groups. Use user groups when you want to create the same rule for several user accounts, instead of creating separate rules for each one.

Note: You cannot put access users and admin users in the same user group.

Note: You cannot put the default admin account into any user group.

The sequence of members in a user group is not important.

User Awareness

By default, users do not have to log into the ZyWALL to use the network services it provides. The ZyWALL automatically routes packets for everyone. If you want to restrict network services that certain users can use via the ZyWALL, you can require them to log in to the ZyWALL first. The ZyWALL is then ‘aware’ of the user who is logged in and you can create ‘user-aware policies’ that define what services they can use. See Section 40.4.2 on page 702 for a user-aware login example.

Finding Out More

•See Section 6.6.1 on page 114 for related information on these screens.

•See Section 40.5 on page 703 for some information on users who use an external authentication server in order to log in.

•See Section 7.6 on page 133 for an example of configuring user accounts and user groups as part of user-aware access control.

•See Section 7.7 on page 142 for an example of how to use a RADIUS server to authenticate user accounts based on groups.