Chapter 18 User/Group
NXC Series User’s Guide
239
Note: The default admin account is always authenticated locally, regardless of the
authentication method setting.
Ext-User Accounts
Set up an ext-user account if the user is authenticated by an external server and you want to set up
specific policies for this user in the NXC. If you do not want to set up policies for this user, you do not have
to set up an ext-user account.
All ext-user users should be authenticated by an external server, such as AD, LDAP or RADIUS. If the NXC
tries to use the local database to authenticate an ext-user, the authentication attempt always fails.
Note: If the NXC tries to authenticate an ext-user using the local database, the attempt
always fails.
Once an ext-user has been authenticated, the NXC tries to get the user type from the external server. If
the external server does not have the information, the NXC sets the user type for this session to User.
Ext-Group-User Accounts
Ext-Group-User accounts work are similar to ext-user accounts but allow you to group users by the value
of the group membership attribute configured for the AD or LDAP server.
Ext-Server Accounts
Ext-Server accounts are admin accounts that can log into the NXC from the WAN and which are
authenticated by an associated RADIUS server.
Dynamic Guest Accounts
Dynamic guest accounts are guest accounts, but are created dynamically with the guest manager
account and stored in the NXC’s local user database. A dynamic guest account has a dynamically-
created user name and password. A dynamic guest account user can access the NXC’s services only
within a given period of time and will become invalid after the expiration date/time. You cannot modify
or edit a dynamic guest account.
MAC Address Accounts
Use an external server to authenticate wireless clients by MAC address. After authentication the NXC
maps the wireless client to a mac-address user account (MAC role). Configure user-aware features to
control MAC address user access to network services.
ext-user External user account Captive Portal
ext-group-user External group user account Captive Portal
guest-manager Create dynamic guest accounts WWW
dynamic guest Access network services Captive Portal
mac-address As permitted by the user-aware feature
configuration.
MAC Authentication
Table 109 Types of User Accounts (continued)
TYPE ABILITIES LOGIN METHOD(S)
To Next Page
Loading...
