Chapter 34 User/Group

34.1.2 Ext-User Accounts

Set up an Ext-User account if the user is authenticated by an external server and you want to set up specific policies for this user in the ZyWALL. If you do not want to set up policies for this user, you do not have to set up an Ext-User account.

Ext-User users should be authenticated by an external server, such as LDAP or RADIUS. If the ZyWALL tries to use the local database to authenticate an Ext-User, the authentication attempt always fails. (This is related to AAA servers and authentication methods, which are discussed in Chapter 38 on page 531 and Chapter 39 on page 541, respectively.)

If the ZyWALL tries to authenticate an Ext-User using the local database, the attempt always fails.

Once an Ext-User user has been authenticated, the ZyWALL tries to get the user type (see Table 155 on page 503) from the external server. If the external server does not have the information, the ZyWALL sets the user type for this session to User.

For the rest of the user attributes, such as reauthentication time, the ZyWALL checks the following places, in order.

1. User account in the remote server.
2. User account (Ext-User) in the ZyWALL.
3. Default user account for LDAP users (ldap-users) or RADIUS users (radius-users) in the ZyWALL.

See Section 34.1.2.1 on page 504 for a list of attributes and how to set up the attributes in an external server.

34.1.2.1 Setting up User Attributes in an External Server

To set up user attributes, such as reauthentication time, in LDAP or RADIUS servers, use the following keywords in the user configuration file.

Table 156 LDAP/RADIUS: Keywords for User Attributes

KEYWORD      CORRESPONDING ATTRIBUTE IN WEB CONFIGURATOR
type         User Type. Possible Values: admin, limited-admin, user, guest.
leaseTime    Lease Time. Possible Values: 1-1440 (minutes).
reauthTime   Reauthentication Time. Possible Values: 1-1440 (minutes).

The following examples show you how you might set up user attributes in LDAP and RADIUS servers.

Figure 369 LDAP Example: Keywords for User Attributes

type: admin

leaseTime: 99

reauthTime: 199
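
The lookup order and the Table 156 value ranges above, modelled as an added Python example (not code from this guide or from the ZyWALL itself). The function names and sample records are constructed; how the ZyWALL treats an out-of-range value is not stated here, so the audit only reports it.

```python
# Added example: models the documented lookup order and Table 156 value ranges.
# Function names and sample records are constructed for illustration.

VALID_TYPES = {"admin", "limited-admin", "user", "guest"}   # Table 156
TIME_KEYS = ("leaseTime", "reauthTime")                      # 1-1440 minutes


def audit_attrs(attrs):
    """Return a list of problems in one account's keyword/value pairs."""
    problems = []
    if "type" in attrs and attrs["type"] not in VALID_TYPES:
        problems.append(f"type: {attrs['type']!r} is not a listed value")
    for key in TIME_KEYS:
        if key in attrs:
            value = str(attrs[key])
            if not (value.isdecimal() and 1 <= int(value) <= 1440):
                problems.append(f"{key}: {value!r} is outside 1-1440 minutes")
    return problems


def effective_attrs(remote, ext_user, default):
    """Resolve session attributes: server, then Ext-User account, then default."""
    # User type comes from the external server only; otherwise it is User.
    result = {"type": remote.get("type", "user")}
    for key in TIME_KEYS:
        for source in (remote, ext_user, default):
            if key in source:
                result[key] = source[key]
                break
    return result


def needs_review(remote):
    """True when the directory itself grants an administrative user type."""
    return remote.get("type") in {"admin", "limited-admin"}


# Constructed sample data (only figure_369 repeats values shown in Figure 369).
figure_369 = {"type": "admin", "leaseTime": 99, "reauthTime": 199}
partial = {"reauthTime": 30}                       # server holds one attribute
ext_user = {"leaseTime": 120, "reauthTime": 60}    # Ext-User account on the ZyWALL
default = {"leaseTime": 1440, "reauthTime": 1440}  # ldap-users default account

if __name__ == "__main__":
    print(effective_attrs(figure_369, ext_user, default))
    print(effective_attrs(partial, ext_user, default))
    print(audit_attrs({"type": "root", "leaseTime": 0}))
```

Because the user type is taken from the external server, `needs_review` marks directory entries that hand out admin or limited-admin rights on the ZyWALL, which are the ones to check against the intended administrator list.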

ZyWALL USG 1000 User’s Guide