ZyXEL UAG715 User Guide - Page 356
Ext-User Accounts, Ext-Group-User Accounts, User Groups
View all ZyXEL UAG715 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 356 highlights
Chapter 29 User/Group Note: The default admin account is always authenticated locally, regardless of the authentication method setting. (See Chapter 34 on page 390 for more information about authentication methods.) Ext-User Accounts Set up an ext-user account if the user is authenticated by an external server and you want to set up specific policies for this user in the UAG. If you do not want to set up policies for this user, you do not have to set up an ext-user account. All ext-user users should be authenticated by an external server, such as AD, LDAP or RADIUS. If the UAG tries to use the local database to authenticate an ext-user, the authentication attempt always fails. (This is related to AAA servers and authentication methods, which are discussed in Chapter 33 on page 382 and Chapter 34 on page 390, respectively.) Note: If the UAG tries to authenticate an ext-user using the local database, the attempt always fails. Once an ext-user user has been authenticated, the UAG tries to get the user type (see Table 132 on page 355) from the external server. If the external server does not have the information, the UAG sets the user type for this session to User. For the rest of the user attributes, such as reauthentication time, the UAG checks the following places, in order. 1 User account in the remote server. 2 User account (Ext-User) in the UAG. 3 Default user account for AD users (ad-users), LDAP users (ldap-users) or RADIUS users (radiususers) in the UAG. See Setting up User Attributes in an External Server on page 367 for a list of attributes and how to set up the attributes in an external server. Ext-Group-User Accounts Ext-Group-User accounts work are similar to ext-user accounts but allow you to group users by the value of the group membership attribute configured for the AD or LDAP server. See Section 33.2.1 on page 385 for more on the group membership attribute. User Groups User groups may consist of user accounts or other user groups. Use user groups when you want to create the same rule for several user accounts, instead of creating separate rules for each one. Note: You cannot put access users and admin users in the same user group. Note: You cannot put the default admin account into any user group. The sequence of members in a user group is not important. 356 UAG715 User's Guide