Table of Contents
Advertisement
Chapter 6 Maintenance
6.2 How to Use a RADIUS Server to Authenticate User
Accounts based on Groups
The previous example showed how to have a RADIUS server authenticate individual user accounts.
If the RADIUS server has different user groups distinguished by the value of a specific attribute,
you can make a couple of slight changes in the configuration to have the RADIUS server
authenticate groups of user accounts defined in the RADIUS server.
Click Configuration > Object > AAA Server > RADIUS. Double-click the radius entry. Besides
1
configuring the RADIUS server's address, authentication port, and key; set the Group
Membership Attribute field to the attribute that the ZyWALL is to check to determine to which
group a user belongs. This example uses Class. This attribute's value is called a group identifier; it
determines to which group a user belongs. In this example the values are Finance, Engineer, Sales,
and Boss.
Now you add ext-group-user user objects to identify groups based on the group identifier values.
2
Set up one user account for each group of user accounts in the RADIUS server. Click Configuration
> Object > User/Group > User. Click the Add icon.
Enter a user name and set the User Type to ext-group-user. In the Group Identifier field, enter
Finance and set the Associated AAA Server Object to radius.
122
ZyWALL USG100-PLUS User's Guide
Hide quick links:
Advertisement
Table of Contents
