You are here: Webhelp 5.5R6 > Object > User

User

User refers to the user who uses the functions and services provided by the Hillstone device, or who is authenticated or managed by the device. The authenticated users consist of local user and external user. The local users are created by administrators. They belong to different local authentication servers, and are stored in system's configuration files. The external users are stored in external servers, such as AD server or LDAP server. System supports User Group to facilitate user management. Users belonging to one local authentication server can be allocated to different user groups, while one single user can belong to different user groups simultaneously; similarly, user groups belonging to one local authentication server can be allocated to different user groups, while one single user group can belong to different user groups simultaneously. The following diagram uses the default AAA server, Local, as an example and shows the relationship between users and user groups:

As shown above, User1, User2 and User3 belong to UserGroup1, while User3 also belongs to UserGroup2, and UserGroup2 also contains User4, User5 and UserGroup1.

Configuring a Local User

This section describes how to configure a local user and user group.

  • Click the "Local server" drop-down box in the upper left corner of the page to switch the local user's server.
  • Red, orange and yellow colors are used to mark the expired users , expired within a week, expired within a month in the list.

Creating a Local User

To create a local user, take the following steps:

  1. Select Object > User > Local User.
  2. Click New > User.
  3. Click OK.

Creating a User Group

To create a user group, take the following steps:

  1. Select Object > User > Local User.
  2. Click New > User Group.

  3. Type the name of the user group into the Name box.

  4. Specify members for the user group. Expand User or User Group in the Available list, select a user or user group and click Add to add it to the Selected list on the right. To delete a selected user or user group, select it in the Selected list and then click Remove. One user group can contain multiple users or user groups, but system only supports up to 5 layers of nested user groups and does not support the loopback nest. Therefore, a user group should not nest the upper-layer user group it belongs to.

  5. Click OK.

Import User Password List

Import user binding list to system, take the following steps:

  1. Select Object>User> Local User.
  2. Click Import User Password List, and the Import User Password List dialog box pops up.
  3. Click Browse to select the file name needed to be imported.

  4. Click OK to finish import.

Export User Password List

Export user binding list from system to local, take the following steps:

  1. Select Object > User > Local User.
  2. Click Export User Password List, and the Export User Password List dialog box pops up, and select the saved position in local.
  3. Click OK to finish export.

  • The user password in the import/export file is in encrypted text;.
  • Please try to keep the import file format consistent with the export file.
  • When importing, if the same user name exists under the same server, the original user password will be overwritten.

Configuring a LDAP User

This section describes how to configure a LDAP user.

Synchronizing Users

To synchronize users in a LDAP server, firstly, you need to configure a LDAP server, refer to Configuring LDAP Server.To synchronize users:

  1. Select Object > User > LDAP User.
  2. Select a server from the LDAP Server drop-down list, and click Sync Users.

By default, after creating a LDAP server, system will synchronize the users of the LDAP server automatically, and then continue to synchronize every 30 minutes.

Configuring an Active Directory User

This section describes how to configure an active directory (AD) user.

Synchronizing Users

To synchronize users in an AD server to the device, first you need to configure an AD server ,refer to Configuring Active Directory Server. To synchronize users, take the following steps:

  1. Select Object > User >AD User.
  2. Select an AD server from the Active Directory Server drop-down list, and click Sync Users.

By default, after creating an AD server, system will synchronize the users of the AD server automatically, and then continue to synchronize every 30 minutes.

Configuring a IP-User Binding

Adding User Binding

To bind an IP or MAC address to a user, take the following steps:

  1. Select Object > User > IP-User Binding .
  2. Click Add User Binding.

  3. Click OK.

Import Binding

Import user binding list to system, take the following steps:

  1. Select Object>User> IP-User Binding.
  2. Click Import , and the Import User Binding List dialog box pops up.
  3. Click Browse to select the file name needed to be imported.

  4. Click OK to finish import.

Export Binding

Export user binding list from system to local, take the following steps:

  1. Select Object>User> IP-User Binding.
  2. Select the exported user category(include local, LDAP, AD and all users) in the Export drop-down list to pop up the export dialog box, and select the saved position in local.
  3. Click OK to finish export.