Chapter 56 Authentication Objects
ZyWALL Series CLI Reference Guide
56.3.1 Test a User Account Command Example
The following example shows how to test whether a user account named userABC exists on the AD
authentication server which uses the following settings:
• IP address: 172.16.50.1
• Port: 389
• Base-dn: DC=Zyxel,DC=com
• Bind-dn: zyxel\engineerABC
• Password: abcdefg
• Login-name-attribute: sAMAccountName
The result shows the account exists on the AD server. Otherwise, the Zyxel Device responds with an error.
Router> test aaa server ad host 172.16.50.1 port 389 base-dn DC=Zyxel,DC=com
bind-dn zyxel\engineerABC password abcdefg login-name-attribute
sAMAccountName account userABC
dn:: Q049MTIzNzco546L5aOr56uRKSxPVT1XaXRoTWFpbCxEQz1aeVhFTCxEQz1jb20=
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn:: MTIzNzco546L5aOr56uRKQ==
sn: User
l: 2341100
--------------------------SNIP!--------------------------------------------
56.4 VPN/Admin Two-Factor Authentication
Two-factor authentication adds an extra layer of security for users logging into the Zyxel Device. When
two-factor authentication is enabled, a user has to first enter their username and password, and then
click on a temporary link or enter a one-time password when logging in.
You can enable two-factor authentication for users who are logging into the Zyxel Device to create a
VPN tunnel (VPN access), and for administrator and limited admin users who are logging into the Web
Configurator or CLI (admin access) to configure the Zyxel Device.
Note: You can also configure two-factor authentication for non-VPN and non-admin users in
web authentication. For details, see Section 31.1 on page 250.
Note: The admin two-factor authentication settings override the web authentication
two-factor authentication settings if both are configured.
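In the test aaa output of Section 56.3.1, the dn:: and cn:: lines carry a double colon, which in LDIF (RFC 2849) marks a base64-encoded value. The Python sketch below is an added example, not part of the Zyxel guide or firmware; it assumes the output follows LDIF conventions, the function name parse_ldif_entry is hypothetical, and it decodes the output shown on this page so the returned DN can be checked against the intended account.

```python
import base64

# Output of the "test aaa server ad ..." command in Section 56.3.1,
# copied from this page up to and including the SNIP marker.
SAMPLE = """\
dn:: Q049MTIzNzco546L5aOr56uRKSxPVT1XaXRoTWFpbCxEQz1aeVhFTCxEQz1jb20=
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn:: MTIzNzco546L5aOr56uRKQ==
sn: User
l: 2341100
--------------------------SNIP!--------------------------------------------
"""

def parse_ldif_entry(text):
    """Return {attribute: [values]} for one LDIF-style entry (assumed format).

    'attr: value' is literal text; 'attr:: value' is base64, used when the
    value is not plain ASCII. A line that starts with one space continues
    the previous line.
    """
    # Unfold continuation lines; stop at a blank line or the SNIP marker.
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("-----"):
            break
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)

    entry = {}
    for line in logical:
        name, sep, rest = line.partition(":")
        if not sep:
            continue  # not an attribute line
        if rest.startswith(":"):  # double colon: base64-encoded UTF-8
            data = base64.b64decode(rest[1:].strip(), validate=True)
            value = data.decode("utf-8", errors="replace")
        else:
            value = rest.strip()
        entry.setdefault(name, []).append(value)
    return entry

if __name__ == "__main__":
    for attr, values in parse_ldif_entry(SAMPLE).items():
        for v in values:
            print(f"{attr}: {v}")
```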