![background image](/i/zyxel/144611/zyxel-zywall-usg-1000/h/zyxel-zywall-usg-1000-128.png)
Chapter 6 Maintenance
ZyWALL USG 20-2000 User’s Guide
128
6.2 How to Use a RADIUS Server to Authenticate User
Accounts based on Groups
The previous example showed how to have a RADIUS server authenticate individual user accounts.
If the RADIUS server has different user groups distinguished by the value of a specific attribute,
you can make a couple of slight changes in the configuration to have the RADIUS server
authenticate groups of user accounts defined in the RADIUS server.
1
Click
Configuration > Object > AAA Server > RADIUS
. Double-click the
radius
entry. Besides
configuring the RADIUS server’s address, authentication port, and key; set the
Group
Membership Attribute
field to the attribute that the ZyWALL is to check to determine to which
group a user belongs. This example uses
Class
. This attribute’s value is called a group identifier; it
determines to which group a user belongs. In this example the values are Finance, Engineer, Sales,
and Boss.
2
Now you add ext-group-user user objects to identify groups based on the group identifier values.
Set up one user account for each group of user accounts in the RADIUS server. Click
Configuration
> Object > User/Group > User
. Click the
Add
icon.
Enter a user name and set the
User Type
to
ext-group-user
. In the
Group Identifier
field, enter
Finance and set the
Associated AAA Server Object
to
radius
.