ZyXEL Communications 3.1 Security Camera User Manual


 
Chapter 31 Authentication Objects
ZyWALL (ZLD) CLI Reference Guide
Table 153 aaa authentication Commands (continued)

COMMAND: [no] aaa authentication profile-name member1 [member2] [member3] [member4]
DESCRIPTION: Sets the profile to use the authentication method(s) in the order specified.
member = group ad, group ldap, group radius, or local.
Note: You must specify at least one member for each profile. Each type of member can only be used once in a profile.
The no command clears the specified authentication method(s) for the profile.

COMMAND: aaa authentication [no] match-default-group
DESCRIPTION: Enable this to treat a user successfully authenticated by a remote auth server as a default-ext-user. If the remote authentication server is LDAP, the default-ext-user account is an ldap-user. If the remote authentication server is AD, the default-ext-user account is an ad-user. If the remote authentication server is RADIUS, the default-ext-user account is a radius-user.

31.2.1 aaa authentication Command Example
The following example creates an authentication profile to authenticate users using the LDAP
server group and then the local user database.

Router# configure terminal
Router(config)# aaa authentication LDAPuser group ldap local
Router(config)# show aaa authentication LDAPuser
No. Method
===========================================================================
0 ldap
1 local
Router(config)#

31.3 test aaa Command
The following table lists the test aaa command you use to test a user account on an
authentication server.

Table 154 test aaa Command

COMMAND: test aaa {server|secure-server} {ad|ldap} host {hostname|ipv4-address} [host {hostname|ipv4-address}] port <1..65535> base-dn base-dn-string [bind-dn bind-dn-string password password] login-name-attribute attribute [alternative-login-name-attribute attribute] account account-name
DESCRIPTION: Tests whether a user account exists on the specified authentication server.

31.3.1 Test a User Account Command Example
The following example shows how to test whether a user account named userABC exists on the AD
authentication server which uses the following settings:
• IP address: 172.16.50.1
• Port: 389
• Base-dn: DC=ZyXEL,DC=com
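
The member rules in Table 153 (at least one member, no member type repeated, members drawn from group ad, group ldap, group radius and local, at most four per profile) can be checked offline before a profile is applied to a device. The following Python linter is an added example, not part of the ZyXEL guide or the ZLD firmware; the function names and every sample line except the LDAPuser profile are constructed for illustration, and skipping "no ..." lines as non-definitions is an assumption.

```python
# Added example: linter for ZLD "aaa authentication" profile lines.
ALLOWED = ("group ad", "group ldap", "group radius", "local")  # from Table 153
MAX_MEMBERS = 4                                                # member1..member4

def parse_profile(line):
    """Return (profile_name, [members]) for a profile definition line, else None."""
    tok = line.split("# ", 1)[-1].split()      # tolerate a pasted "Router(config)# " prompt
    if tok[:2] != ["aaa", "authentication"] or len(tok) < 3:
        return None                            # includes "no ..." lines, which clear methods
    rest = tok[2:]
    if rest[-1] == "match-default-group":      # the [no] match-default-group toggle
        return None
    name, rest, members, i = rest[0], rest[1:], [], 0
    while i < len(rest):
        if rest[i] == "group" and i + 1 < len(rest):
            members.append("group " + rest[i + 1]); i += 2
        else:
            members.append(rest[i]); i += 1
    return name, members

def audit(config_text):
    """Return (line_no, profile, problem) tuples for lines breaking the Table 153 rules."""
    findings = []
    for n, line in enumerate(config_text.splitlines(), 1):
        parsed = parse_profile(line)
        if parsed is None:
            continue
        name, members = parsed
        if not members:
            findings.append((n, name, "no member specified"))
        if len(members) > MAX_MEMBERS:
            findings.append((n, name, "more than 4 members"))
        for m in dict.fromkeys(members):       # each distinct member, in order
            if m not in ALLOWED:
                findings.append((n, name, f"unknown member '{m}'"))
            elif members.count(m) > 1:
                findings.append((n, name, f"'{m}' used more than once"))
    return findings

# Constructed sample; only the first line appears in the guide.
SAMPLE = """\
Router(config)# aaa authentication LDAPuser group ldap local
aaa authentication Dup group ad local group ad
aaa authentication Bad group tacacs local
aaa authentication Empty
aaa authentication no match-default-group
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The member list returned by parse_profile is in evaluation order, so it also shows which authentication source a profile consults first.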