User

This describes how to set up user accounts and user settings for the NWA/WAC.

User Account

A user account defines the privileges of a user logged into the NWA/WAC. User accounts are used in controlling access to configuration and services in the NWA/WAC.

User Types

These are the types of user accounts the NWA/WAC uses.

Types of User Accounts
Type	Abilities	Login Method(s)
Admin Users
admin	Change NWA/WAC configuration (web, CLI)	WWW, TELNET, SSH, FTP
limited-admin	Look at NWA/WAC configuration (web, CLI) Perform basic diagnostics (CLI)	WWW, TELNET, SSH
Access Users
user	Used for the embedded RADIUS server and SNMPv3 user access Browse user-mode commands (CLI)

Note: The default admin account is always authenticated locally, regardless of the authentication method setting.

User Summary

The User screen provides a summary of all user accounts.

Configuration > Object > User
Label	Description
Add	Click this to create a new entry.
Edit	Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings.
Remove	To remove an entry, select it and click Remove. The NWA/WAC confirms you want to remove it before doing so.
Object Reference	Select an entry and click Object Reference to open a screen that shows which settings use the entry.
#	This field is a sequential value, and it is not associated with a specific user.
User Name	This field displays the user name of each user.
User Type	This field displays type of user this account was configured as. • admin - this user can look at and change the configuration of the NWA/WAC • limited-admin - this user can look at the configuration of the NWA/WAC but not to change it • user - this user has access to the NWA/WAC’s services but cannot look at the configuration
Description	This field displays the description for each user.

Add/Edit User

The User Add/Edit screen allows you to create a new user account or edit an existing one.

Rules for User Names

Enter a user name from 1 to 31 characters.

The user name can only contain the following characters:

• Alphanumeric A-z 0-9 (there is no unicode support)

• _ [underscores]

• - [dashes]

The first character must be alphabetical (A-Z a-z), an underscore (_), or a dash (-). Other limitations on user names are:

• User names are case-sensitive. If you enter a user 'bob' but use 'BOB' when connecting via CIFS or FTP, it will use the account settings used for 'BOB' not ‘bob’.

• User names have to be different than user group names.

• Here are the reserved user names:

• adm	• admin	• any	• bin	• daemon
• debug	• devicehaecived	• ftp	• games	• halt
• ldap-users	• lp	• mail	• news	• nobody
• operator	• radius-users	• root	• shutdown	• sshd
• sync	• uucp	• zyxel

Configuration > User > User > Add/Edit A User
Label	Description
User Name	Type the user name for this user account. You may use 1-31 alphanumeric characters, underscores(_), or dashes (-), but the first character cannot be a number. This value is case-sensitive. User names have to be different than user group names, and some words are reserved.
User Type	Select what type of user this is. Choices are: • admin - this user can look at and change the configuration of the NWA/WAC • limited-admin - this user can look at the configuration of the NWA/WAC but not to change it • user - this is used for embedded RADIUS server and SNMPv3 user access
Password	Enter the password of this user account. It can consist of 4 - 63 alphanumeric characters.
Retype	Re-enter the password to make sure you have entered it correctly.
Description	Enter the description of each user, if any. You can use up to 60 printable ASCII characters. Default descriptions are provided.
Authentication Timeout Settings	This field is not available if the user type is user. If you want to set authentication timeout to a value other than the default settings, select Use Manual Settings then fill your preferred values in the fields that follow.
Lease Time	This field is not available if the user type is user. Enter the number of minutes this user has to renew the current session before the user is logged out. You can specify 1 to 1440 minutes. You can enter 0 to make the number of minutes unlimited. Admin users renew the session every time the main screen refreshes in the Web Configurator.
Reauthentication Time	This field is not available if the user type is user. Type the number of minutes this user can be logged into the NWA/WAC in one session before the user has to log in again. You can specify 1 to 1440 minutes. You can enter 0 to make the number of minutes unlimited. Unlike Lease Time, the user has no opportunity to renew the session without logging out.
OK	Click OK to save your changes back to the NWA/WAC.
Cancel	Click Cancel to exit this screen without saving your changes.

Setting

This screen controls default settings, login settings, lockout settings, and other user settings for the NWA/WAC.

Configuration > Object > User > Setting
Label	Description
User Default Setting
Default Authentication Timeout Settings	These authentication timeout settings are used by default when you create a new user account. They also control the settings for any existing user accounts that are set to use the default settings. You can still manually configure any user account’s authentication timeout settings.
Edit	Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings.
#	This field is a sequential value, and it is not associated with a specific entry.
User Type	These are the kinds of user account the NWA/WAC supports. • admin - this user can look at and change the configuration of the NWA/WAC • limited-admin - this user can look at the configuration of the NWA/WAC but not to change it • user - this is used for embedded RADIUS server and SNMPv3 user access
Lease Time	This is the default lease time in minutes for each type of user account. It defines the number of minutes the user has to renew the current session before the user is logged out. Admin users renew the session every time the main screen refreshes in the Web Configurator.
Reauthentication Time	This is the default reauthentication time in minutes for each type of user account. It defines the number of minutes the user can be logged into the NWA/WAC in one session before having to log in again. Unlike Lease Time, the user has no opportunity to renew the session without logging out.
User Logon Settings
Limit the number of simultaneous logons for administration account	Select this check box if you want to set a limit on the number of simultaneous logins by admin users. If you do not select this, admin users can login as many times as they want at the same time using the same or different IP addresses.
Maximum number per administration account	This field is effective when Limit ... for administration account is checked. Type the maximum number of simultaneous logins by each admin user.
User Lockout Settings
Enable logon retry limit	Select this check box to set a limit on the number of times each user can login unsuccessfully (for example, wrong password) before the IP address is locked out for a specified amount of time.
Maximum retry count	This field is effective when Enable logon retry limit is checked. Type the maximum number of times each user can login unsuccessfully before the IP address is locked out for the specified lockout period. The number must be between 1 and 99.
Lockout period	This field is effective when Enable logon retry limit is checked. Type the number of minutes the user must wait to try to login again, if logon retry limit is enabled and the maximum retry count is reached. This number must be between 1 and 65,535 (about 45.5 days).
Apply	Click Apply to save the changes.
Reset	Click Reset to return the screen to its last-saved settings.

Edit User Authentication Timeout Settings

This screen allows you to set the default authentication timeout settings for the selected type of user account. These default authentication timeout settings also control the settings for any existing user accounts that are set to use the default settings. You can still manually configure any user account’s authentication timeout settings.

User > Setting > Edit User Authentication Timeout Settings
Label	Description
User Type	This read-only field identifies the type of user account for which you are configuring the default settings. • admin - this user can look at and change the configuration of the NWA/WAC. • limited-admin - this user can look at the configuration of the NWA/WAC but not to change it.
Lease Time	Enter the number of minutes this type of user account has to renew the current session before the user is logged out. You can specify 1 to 1440 minutes. You can enter 0 to make the number of minutes unlimited. Admin users renew the session every time the main screen refreshes in the Web Configurator. Access users can renew the session by clicking the Renew button on their screen. If you allow access users to renew time automatically, the users can select this check box on their screen as well. In this case, the session is automatically renewed before the lease time expires.
Reauthentication Time	Type the number of minutes this type of user account can be logged into the NWA/WAC in one session before the user has to log in again. You can specify 1 to 1440 minutes. You can enter 0 to make the number of minutes unlimited. Unlike Lease Time, the user has no opportunity to renew the session without logging out.
OK	Click OK to save your changes back to the NWA/WAC.
Cancel	Click Cancel to exit this screen without saving your changes.