ZyXEL Communications ZyWall ATP series User Manual page 640

• RADIUS
RADIUS (Remote Authentication Dial-In User Service) authentication is a popular protocol used to
authenticate users by means of an external or built-in RADIUS server. RADIUS authentication allows
you to validate a large number of users from a central location.
Directory Structure
The directory entries are arranged in a hierarchical order much like a tree structure. Normally, the
directory structure reflects the geographical or organizational boundaries. The following figure shows a
basic directory structure branching from countries to organizations to organizational units to individuals.
Figure 420 Basic Directory Structure
Root
Japan
Countries (c)
Distinguished Name (DN)
A DN uniquely identifies an entry in a directory. A DN consists of attribute-value pairs separated by
commas. The leftmost attribute is the Relative Distinguished Name (RDN). This provides a unique name
for entries that have the same "parent DN" ("cn=domain1.com, ou=Sales, o=MyCompany" in the
following examples).
cn=domain1.com, ou = Sales, o=MyCompany, c=US
cn=domain1.com, ou = Sales, o=MyCompany, c=JP
Base DN
A base DN specifies a directory. A base DN usually contains information such as the name of an
organization, a domain name and/or country. For example, o=MyCompany, c=UK where o means
organization and c means country.
Bind DN
A bind DN is used to authenticate with an LDAP/AD server. For example a bind DN of cn=zywallAdmin
allows the Zyxel Device to log into the LDAP/AD server using the user name of zywallAdmin. The bind
DN is used in conjunction with a bind password. When a bind DN is not specified, the Zyxel Device will try
to log in as an anonymous user. If the bind password is incorrect, the login will fail.
Chapter 34 Object
Sprint
US
UPS
NEC
Organizations (o)
ZyWALL ATP Series User's Guide
640
Sales
RD3
QA
CSO
Sales
RD
Organization Units (ou)
Unique
Common Name
(cn)