Chapter 38 AAA Server

The following table describes the labels in this screen.

Table 178 Object > AAA Server > Active Directory (or LDAP) > Group > Add

| LABEL | DESCRIPTION |
|---|---|
| Configuration | All AD or LDAP servers in a group share the same settings in the fields below. |
| Name | Enter a descriptive name (up to 63 alphanumerical characters) for identification purposes. |
| Port | Specify the port number on the LDAP server(s) to which the ZyWALL sends authentication requests. Enter a number between 1 and 65535. This port number should be the same on all AD or LDAP server(s) in this group. |
| Password | If required, enter the password (up to 15 alphanumerical characters) the ZyWALL uses to log into the AD or LDAP server(s). |
| Base DN | Specify the top-level entry of the directory under which searches start. For example, o=ZyXEL, c=US. |
| binddn | Specify the bind DN for logging into the AD or LDAP server(s). For example, cn=zywallAdmin specifies zywallAdmin as the user name. |
| CN Identifier | Specify the common name attribute that uniquely identifies a record in the AD or LDAP directory. Enter up to 63 alphanumerical characters. |
| Search time limit | Specify the timeout period (between 1 and 300 seconds) before the ZyWALL disconnects from the AD or LDAP server. In this case, user authentication fails. A search timeout occurs when either the user information is not in the AD or LDAP server(s) or the AD or LDAP server(s) is down. |
| Use SSL | Select Use SSL to establish a secure connection to the AD or LDAP server(s). |
| Host Members | The ordering of the LDAP servers is important, as the ZyWALL uses the AD or LDAP servers for user authentication in the order they appear in this table. |
| # | This field displays the index number. |
| Members | Specify the URI (Uniform Resource Identifier) of an AD or LDAP server. You can enter the IP address (in dotted decimal notation) or the fully qualified domain name (FQDN; up to 63 alphanumerical characters) of the AD or LDAP server. |
| Add icon | Click Add to add a new AD or LDAP server. You can add up to four AD or LDAP member servers. Click Delete to remove an AD or LDAP server. |
| OK | Click OK to save the changes. |
| Cancel | Click Cancel to discard the changes. |

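The settings in the table combine into one authentication flow: the ZyWALL binds with the bind DN and password, searches under the Base DN for an entry whose CN Identifier matches the user name, gives up once the search time limit expires, and works through the member servers in table order. The following Python is an added example written for this page, not ZyXEL's code. It checks a group against the limits the table states, builds the LDAP search filter, and walks the member list against a constructed stand-in for a real LDAP connection so it runs offline. The class and function names, the RFC 4515 filter escaping, and the rule that an unreachable member is skipped while a search timeout fails the login are this example's assumptions, not statements from the guide.

```python
"""Added example (not ZyXEL's code): model the AD/LDAP group settings from the
table above and walk the authentication flow they describe.

Assumptions (not from the guide): the class and function names, RFC 4515
filter escaping, and the injected `connect` callback that stands in for a real
LDAP client so the example runs offline."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Callable, List, Tuple

# Hostname limited to 63 characters, labels of letters, digits and hyphens.
FQDN_RE = re.compile(r"^(?=.{1,63}$)[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*$")

# Result codes a connection attempt can report (constructed for this example).
OK, NOT_FOUND, TIMEOUT, BAD_PASSWORD, UNREACHABLE = (
    "ok", "not_found", "timeout", "bad_password", "unreachable")


@dataclass
class LdapGroup:
    """One AD/LDAP server group: shared settings plus up to four members."""
    name: str
    port: int
    base_dn: str
    bind_dn: str
    password: str
    cn_identifier: str = "cn"
    search_time_limit: int = 5
    use_ssl: bool = False
    members: List[str] = field(default_factory=list)

    def validate(self) -> List[str]:
        """Return the limits from the table that this group violates (empty = valid)."""
        errors = []
        if not (1 <= len(self.name) <= 63) or not self.name.isalnum():
            errors.append("name must be 1-63 alphanumerical characters")
        if not 1 <= self.port <= 65535:
            errors.append("port must be between 1 and 65535")
        if len(self.password) > 15:
            errors.append("password is limited to 15 characters")
        if not 1 <= self.search_time_limit <= 300:
            errors.append("search time limit must be 1-300 seconds")
        if not self.members or len(self.members) > 4:
            errors.append("group needs 1 to 4 member servers")
        for host in self.members:
            if not is_ip_or_fqdn(host):
                errors.append(f"member {host!r} is neither an IPv4 address nor an FQDN")
        return errors


def is_ip_or_fqdn(host: str) -> bool:
    """Members may be a dotted-decimal IPv4 address or an FQDN of up to 63 characters."""
    try:
        ipaddress.IPv4Address(host)
        return True
    except ValueError:
        return bool(FQDN_RE.match(host))


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value per RFC 4515 before it enters a search filter."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def build_search(group: LdapGroup, username: str) -> Tuple[str, str]:
    """The lookup the ZyWALL performs: search under Base DN for CN Identifier = username."""
    return group.base_dn, f"({group.cn_identifier}={escape_filter_value(username)})"


# (group, host, username, password) -> result code; hypothetical client interface.
ConnectFn = Callable[[LdapGroup, str, str, str], str]


def authenticate(group: LdapGroup, username: str, password: str,
                 connect: ConnectFn) -> Tuple[bool, str, str]:
    """Try members in table order. Assumption: a member that cannot be reached is
    skipped; a search timeout (record missing or server down) fails the login, as
    the guide states. Returns (success, host or reason, filter used)."""
    _base_dn, ldap_filter = build_search(group, username)  # real client searches under base_dn
    for host in group.members:
        result = connect(group, host, username, password)
        if result == UNREACHABLE:
            continue
        if result == TIMEOUT:
            return False, f"search timed out after {group.search_time_limit}s on {host}", ldap_filter
        if result == OK:
            return True, host, ldap_filter
        return False, f"{result} on {host}", ldap_filter
    return False, "no member server reachable", ldap_filter


# Constructed sample behaviour: first member is down, second holds the user record.
SAMPLE_BEHAVIOUR = {
    "10.0.0.5": UNREACHABLE,
    "ldap.example.com": {"alice": "s3cret"},
}


def sample_connect(group: LdapGroup, host: str, username: str, password: str) -> str:
    """Stand-in for an LDAP bind-and-search against one member (constructed data)."""
    behaviour = SAMPLE_BEHAVIOUR.get(host, UNREACHABLE)
    if behaviour == UNREACHABLE:
        return UNREACHABLE
    if username not in behaviour:
        return TIMEOUT  # per the guide, a missing record surfaces as a search timeout
    return OK if behaviour[username] == password else BAD_PASSWORD


if __name__ == "__main__":
    grp = LdapGroup(name="corpAD", port=389, base_dn="o=ZyXEL, c=US",
                    bind_dn="cn=zywallAdmin", password="secret",
                    members=["10.0.0.5", "ldap.example.com"])
    print("violations:", grp.validate())
    print(authenticate(grp, "alice", "s3cret", sample_connect))
    print(authenticate(grp, "bob", "x", sample_connect))
```

The `validate` step is worth running before saving a group: the limits in the table (port range, 15-character password, 1 to 300 second timeout, at most four members) are enforced by the device UI, but the same values are often pushed from templates where nothing checks them.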

38.4 RADIUS Server

RADIUS (Remote Authentication Dial-In User Service) authentication is a popular protocol used to authenticate users by means of an external server instead of (or in addition to) an internal device user database that is limited to the memory capacity of the device. In essence, RADIUS authentication allows you to validate a large number of users from a central location.

536    ZyWALL USG 1000 User’s Guide