ZyXEL Communications 200 Series User Manual
Page 594
Chapter 35 User/Group
ZyWALL USG 100/200 Series User’s Guide
594
"
The default admin account is always authenticated locally, regardless of the
authentication method setting. (See
for more
information about authentication methods.)
Ext-User Accounts
Set up an Ext-User account if the user is authenticated by an external server and you want to
set up specific policies for this user in the ZyWALL. If you do not want to set up policies for
this user, you do not have to set up an Ext-User account.
Ext-User users should be authenticated by an external server, such as AD, LDAP or RADIUS.
If the ZyWALL tries to use the local database to authenticate an Ext-User, the authentication
attempt always fails. (This is related to AAA servers and authentication methods, which are
discussed in
, respectively.)
"
If the ZyWALL tries to authenticate an Ext-User using the local database, the
attempt always fails.
Once an Ext-User user has been authenticated, the ZyWALL tries to get the user type (see
) from the external server. If the external server does not have the
information, the ZyWALL sets the user type for this session to User.
For the rest of the user attributes, such as reauthentication time, the ZyWALL checks the
following places, in order.
1 User account in the remote server.
2 User account (Ext-User) in the ZyWALL.
3 Default user account for AD users (ad-users), LDAP users (ldap-users) or RADIUS
users (radius-users) in the ZyWALL.
See
Setting up User Attributes in an External Server on page 604
for a list of attributes and
how to set up the attributes in an external server.
User Groups
User groups may consist of user accounts or other user groups. Use user groups when you
want to create the same rule for several user accounts, instead of creating separate rules for
each one.
Guest
Access network services
WWW
Ext-User
External User Account
WWW
Table 190 Types of User Accounts (continued)
TYPE
ABILITIES
LOGIN METHOD(S)