
AAA Server, Overview, Directory Service (AD/LDAP) Overview – ZyXEL Communications 200 Series User Manual

ZyWALL USG 100/200 Series User’s Guide

CHAPTER 39

AAA Server

39.1 Overview

You can use a AAA (Authentication, Authorization, Accounting) server to provide access
control to your network. The AAA server can be an Active Directory, LDAP, or RADIUS
server. Use the AAA Server screens to create and manage objects that contain settings for
using individual AAA servers or groups of AAA servers. You use AAA server objects in
configuring authentication method objects (see Chapter 40 on page 635).

39.1.1 Directory Service (AD/LDAP) Overview

LDAP/AD allows a client (the ZyWALL) to connect to a server to retrieve information from a
directory. A network example is shown next.

Figure 461 Example: Directory Service Client and Server

The following describes the user authentication procedure via an LDAP/AD server.

1 A user logs in with a user name and password pair.
2 The ZyWALL tries to bind (or log in) to the LDAP/AD server.
3 When the binding process is successful, the ZyWALL checks the user information in the
  directory against the user name and password pair.
4 If it matches, the user is allowed access. Otherwise, access is blocked.
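
The four-step procedure above, as an added Python example (not ZyXEL's code and not part of the manual). It assumes step 3 is done as a lookup of the user's entry followed by a bind as that entry, and it goes beyond the text by guarding two cases a client of this flow has to handle: an empty password and filter metacharacters in the user name. The in-memory directory, DNs, account names and passwords are all constructed.

```python
import hmac
import re

# Constructed directory contents (DN -> attributes); not real accounts.
ENTRIES = {
    "cn=svc-zywall,ou=svc,dc=example,dc=com": {"uid": "svc-zywall", "pw": "bind-secret"},
    "cn=alice,ou=people,dc=example,dc=com": {"uid": "alice", "pw": "correct horse"},
    "cn=bob,ou=people,dc=example,dc=com": {"uid": "bob", "pw": "hunter2"},
}
BIND_DN = "cn=svc-zywall,ou=svc,dc=example,dc=com"  # hypothetical device account

def escape_filter(value):
    """Escape RFC 4515 filter metacharacters in user-supplied text."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def simple_bind(dn, password):
    """Stand-in for a server-side simple bind. Like some real servers, it
    treats an empty password as an RFC 4513 'unauthenticated bind' and
    reports success without checking anything."""
    if password == "":
        return True
    entry = ENTRIES.get(dn)
    return entry is not None and hmac.compare_digest(
        entry["pw"].encode(), password.encode())

def search(filter_text):
    """Stand-in search: supports only (uid=value); a bare * matches any uid."""
    value = re.fullmatch(r"\(uid=(.*)\)", filter_text, re.S).group(1)
    if value == "*":
        return list(ENTRIES)
    plain = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return [dn for dn, e in ENTRIES.items() if e["uid"] == plain]

def authenticate(username, password, bind_password="bind-secret"):
    """Steps 1-4 of the procedure; True only when the pair is verified."""
    if not username or not password:
        return False  # never forward an empty password to the server
    if not simple_bind(BIND_DN, bind_password):
        return False  # step 2: the device itself could not bind
    matches = search("(uid=%s)" % escape_filter(username))  # step 3: lookup
    if len(matches) != 1:
        return False  # unknown user, or more than one candidate entry
    return simple_bind(matches[0], password)  # steps 3-4: verify the pair

if __name__ == "__main__":
    for user, pw in [("alice", "correct horse"), ("alice", ""), ("*", "hunter2")]:
        print(repr(user), repr(pw), "->", authenticate(user, pw))
```
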

39.1.2 RADIUS Server Overview

RADIUS (Remote Authentication Dial-In User Service) authentication is a popular protocol
used to authenticate users by means of an external server instead of (or in addition to) an
internal device user database that is limited to the memory capacity of the device. In essence,
RADIUS authentication allows you to validate a large number of users from a central location.
