Chapter 34 Object
ZyWALL ATP Series User’s Guide
583
Ext-User Accounts
Set up an
ext-user
account if the user is authenticated by an external server and you want to set up
specific policies for this user in the Zyxel Device. If you do not want to set up policies for this user, you do
not have to set up an
ext-user
account.
All
ext-user
users should be authenticated by an external server, such as AD, LDAP or RADIUS. If the Zyxel
Device tries to use the local database to authenticate an
ext-user
, the authentication attempt always
fails. (This is related to AAA servers and authentication methods, which are discussed in those chapters in
this guide.)
Note: If the Zyxel Device tries to authenticate an
ext-user
using the local database, the
attempt always fails.
Once an
ext-user
user has been authenticated, the Zyxel Device tries to get the user type (see
) from the external server. If the external server does not have the information, the Zyxel
Device sets the user type for this session to
User
.
For the rest of the user attributes, such as reauthentication time, the Zyxel Device checks the following
places, in order.
1
User account in the remote server.
2
User account (Ext-User) in the Zyxel Device.
3
Default user account for AD users (
ad-users
), LDAP users (
ldap-users
) or RADIUS users (
radius-users
) in
the Zyxel Device.
See
Setting up User Attributes in an External Server
for a list of attributes and how to set up the attributes
in an external server.
Ext-Group-User Accounts
Ext-Group-User
accounts work are similar to ext-user accounts but allow you to group users by the value
of the group membership attribute configured for the AD or LDAP server. See
for more on the group membership attribute.
Dynamic-Guest Accounts
Dynamic guest accounts are guest accounts, but are created dynamically and stored in the Zyxel
Device’s local user database. A dynamic guest account has a dynamically-created user name and
password. A dynamic guest account user can access the Zyxel Device’s services only within a given
period of time and will become invalid after the expiration date/time.
There are three types of dynamic guest accounts depending on how they are created or
authenticated:
billing-users
,
ua-users
and
trial-users
.
billing-users
are guest account created with the guest manager account or an external printer and
paid by cash or created and paid via the on-line payment service.
ua-users
are users that log in from
the user agreement page.
trial-users
are free guest accounts that are created with the Free Time
function.