
ZyWALL 1050 Support Notes
All contents copyright (c) 2006 ZyXEL Communications Corporation.
3. Another account was used to log in from the same computer
M05. What is AAA?
AAA stands for Authentication/Authorization/Accounting. AAA is a model for access control
and also the basis for user-aware devices. A user-aware device like the ZyWALL 1050 can use
an authentication method to authenticate a user (to prove who the user is) and an
authorization method to give the user proper authority (defining what the user is and is not
allowed to do). Accounting measures the resources a user consumes during access; this data
is used for authorization control, resource utilization and capacity planning activities.
AAA services are often provided by a dedicated AAA server or a local database in a
user-aware device. The most common server interfaces are LDAP and RADIUS.
On the ZyWALL 1050, AAA objects allow administrators to define the local database, AAA
servers (including LDAP and RADIUS servers) and related parameters. AAA groups combine
several AAA servers, for enterprises that have more than one AAA server. Furthermore, if
the three kinds of service (LDAP, RADIUS and Local) exist at the same time, administrators
can decide the order in which the different AAA services are used with an AAA method.
M05. What are ldap-users and radius-users used for?
ldap-users/radius-users refer to the users that are authenticated successfully via an
LDAP/RADIUS server. If you want to apply access control rules or build access policies for
users authenticated via external servers such as LDAP or RADIUS, you can use
ldap-users and radius-users in your access control rules or policies.
M06. What privileges will be given for ldap-users and radius-users?
When a user has been authenticated by an external database (LDAP or RADIUS server), the
ZyWALL 1050 retrieves the user’s attributes (like lease timeout and re-auth timeout value)
from the external server. If the external server doesn’t define the user’s attributes, it
checks the local database on the ZyWALL 1050 (at GUI menu Configuration > User/Group > User
tab or Group tab) instead. If it still cannot find them, it uses the attributes of
“ldap-users” and “radius-users” at GUI menu
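
The lookup order described in M06, modelled in Python as an added example (this is not ZyXEL code) that records which source supplied each attribute so that inherited defaults can be audited. The function names, attribute keys, per-attribute fallback, minute units and sample values are assumptions made for illustration.

```python
# Attribute names from the text: lease timeout and re-auth timeout.
ATTRS = ("lease_timeout", "reauth_timeout")

def resolve_attributes(username, method, external, local_db, defaults):
    """Return {attr: (value, source)} using the order: external server,
    local database, then the default object "ldap-users"/"radius-users".

    method   -- "ldap" or "radius": which external server authenticated the user
    external -- attributes that server returned for the user (may be empty)
    local_db -- model of the local user database: {username: {attr: value}}
    defaults -- attributes of the default objects, keyed by object name
    Assumption: fallback happens per attribute; the text does not specify this.
    """
    default_obj = f"{method}-users"
    sources = (
        (f"{method} server", external),
        ("local database", local_db.get(username, {})),
        (default_obj, defaults[default_obj]),
    )
    resolved = {}
    for attr in ATTRS:
        for source_name, attrs in sources:
            if attrs.get(attr) is not None:  # 0 is a defined value, None is not
                resolved[attr] = (attrs[attr], source_name)
                break
        else:
            raise LookupError(f"{attr} is not defined for {username} anywhere")
    return resolved

def audit(resolved, max_minutes):
    """Flag attributes inherited from a default object or above a policy ceiling."""
    findings = []
    for attr, (value, source) in resolved.items():
        if source.endswith("-users"):
            findings.append(f"{attr}: inherited from default object {source}")
        if value > max_minutes:
            findings.append(f"{attr}: {value} min exceeds maximum {max_minutes}")
    return findings

# Constructed sample data (minutes assumed); not values from the device or manual.
LOCAL_DB = {"alice": {"lease_timeout": 60, "reauth_timeout": 30}}
DEFAULTS = {"ldap-users": {"lease_timeout": 1440, "reauth_timeout": 1440},
            "radius-users": {"lease_timeout": 1440, "reauth_timeout": 1440}}

if __name__ == "__main__":
    for user, method, ext in [("alice", "ldap", {}),
                              ("bob", "radius", {"lease_timeout": 120})]:
        result = resolve_attributes(user, method, ext, LOCAL_DB, DEFAULTS)
        print(user, result, audit(result, max_minutes=480))
```

A user whose attributes are missing from both the external server and the local database silently takes the default object's timeouts, which is the case the audit function reports.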