ZyXEL ISG50-PSTN User Guide - Page 600
Ext-User Accounts, Ext-Group-User Accounts, User Groups
View all ZyXEL ISG50-PSTN manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 600 highlights
Chapter 44 User/Group Note: The default admin account is always authenticated locally, regardless of the authentication method setting. (See Chapter 48 on page 631 for more information about authentication methods.) Ext-User Accounts Set up an ext-user account if the user is authenticated by an external server and you want to set up specific policies for this user in the ISG50. If you do not want to set up policies for this user, you do not have to set up an ext-user account. All ext-user users should be authenticated by an external server, such as AD, LDAP or RADIUS. If the ISG50 tries to use the local database to authenticate an ext-user, the authentication attempt always fails. (This is related to AAA servers and authentication methods, which are discussed in Chapter 48 on page 631 and Chapter 49 on page 639, respectively.) Note: If the ISG50 tries to authenticate an ext-user using the local database, the attempt always fails. Once an ext-user user has been authenticated, the ISG50 tries to get the user type (see Table 229 on page 599) from the external server. If the external server does not have the information, the ISG50 sets the user type for this session to User. For the rest of the user attributes, such as reauthentication time, the ISG50 checks the following places, in order. 1 User account in the remote server. 2 User account (Ext-User) in the ISG50. 3 Default user account for AD users (ad-users), LDAP users (ldap-users) or RADIUS users (radiususers) in the ISG50. See Setting up User Attributes in an External Server on page 610 for a list of attributes and how to set up the attributes in an external server. Ext-Group-User Accounts Ext-Group-User accounts work are similar to ext-user accounts but allow you to group users by the value of the group membership attribute configured for the AD or LDAP server. See Section 48.2.1 on page 635 for more on the group membership attribute. User Groups User groups may consist of user accounts or other user groups. Use user groups when you want to create the same rule for several user accounts, instead of creating separate rules for each one. Note: You cannot put access users and admin users in the same user group. Note: You cannot put the default admin account into any user group. The sequence of members in a user group is not important. 600 ISG50 User's Guide