Chapter 31 User/Group
UAG4100 User’s Guide
293
Note: The default
admin
account is always authenticated locally, regardless of the
authentication method setting. (See
for more information
about authentication methods.)
Ext-User Accounts
Set up an
ext-user
account if the user is authenticated by an external server and you want to set
up specific policies for this user in the UAG. If you do not want to set up policies for this user, you
do not have to set up an
ext-user
account.
All
ext-user
users should be authenticated by an external server, such as RADIUS. If the UAG tries
to use the local database to authenticate an
ext-user
, the authentication attempt always fails.
(This is related to AAA servers and authentication methods, which are discussed in
and
, respectively.)
Note: If the UAG tries to authenticate an
ext-user
using the local database, the attempt
always fails.
Once an
ext-user
user has been authenticated, the UAG tries to get the user type (see
) from the external server. If the external server does not have the information, the
UAG sets the user type for this session to
User
.
For the rest of the user attributes, such as reauthentication time, the UAG checks the following
places, in order.
1
User account in the remote server.
2
User account (Ext-User) in the UAG.
3
Default user account for RADIUS users (
radius-users
) in the UAG.
See
Setting up User Attributes in an External Server on page 304
for a list of attributes and how to
set up the attributes in an external server.
Ext-Group-User Accounts
Ext-Group-User
accounts are similar to ext-user accounts but allow you to group users by the
value of the group membership attribute configured for the RADIUS server. See
for more on the group membership attribute.
Dynamic-Guest Accounts
Dynamic guest accounts are guest accounts, but are created dynamically and stored in the UAG’s
local user database. A dynamic guest account has a dynamically-created user name and password.
A dynamic guest account user can access the UAG’s services only within a given period of time and
will become invalid after the expiration date/time.
There are three types of dynamic guest accounts depending on how they are created or
authenticated:
billing-users
,
ua-users
and
trial-users
.
billing-users
are guest account created with the guest manager account or an external printer and
paid by cash or created and paid via the on-line payment service.
ua-users
are users that log in