Account
From Wiki of WFilter NG Firewall
(Difference between revisions)
(Created page with "{{DISPLAYTITLE:Local Accounts}} ==New Account== File:Faq_en_account001.png <p>验证方式勾选了PPPoE,该账号才会在PPPoE认证中生效,并且可以单独对...") |
(→Password Complexity and Expiry) |
||
| (10 intermediate revisions by one user not shown) | |||
| Line 1: | Line 1: | ||
| − | {{DISPLAYTITLE: | + | {{DISPLAYTITLE:Accounts}} |
| − | == | + | == Introduction == |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | This module defines WFilter NGF's local accounts of, which can be used for: | |
| − | + | * [[Pppoe|PPPoE]] | |
| − | [[ | + | * [[Webauth|Web Auth]] |
| + | * [[VPN]] | ||
| + | * Set access policy by users. | ||
| + | * Record internet activity by users. | ||
| + | For example, you can choose usernames in "Applied to" targets for polices: | ||
| − | ==FAQ== | + | [[File:Faq_en_account002.png|600px]] |
| + | |||
| + | == New Local Account == | ||
| + | |||
| + | You need to configure account's username, password, valid date, group, sessions, mac binding, access priviledge and pppoe properties. | ||
| + | * Supported access type: | ||
| + | ** PPPoE: allow this user to access WFilter NGF's pppoe service. Please check [[Pppoe|PPPoE]] for details. | ||
| + | ** VPN: allow this user to connect to vpn service. Please check [[VPN]] for details. | ||
| + | ** Web: allow this user to authenticate via web auth. Please check [[Webauth|Web Auth]] for details. | ||
| + | ** Static IP: bind static IP to an username. | ||
| + | * "Concurrent Logins": maximum concurrent sessions of this user. No limit by default. | ||
| + | * "MAC Binding": supports "dynamic binding" and "static binding". | ||
| + | ** Static: this user can only be connected from the bound MAC addresses. Multiple MACs are separated by commas. | ||
| + | ** Dynamic1: bind this user to MAC address of the first time connection. | ||
| + | ** Dynamic3: automatically bind the first three authenticated mac addresses. | ||
| + | ** Dynamic5: automatically bind the first five authenticated mac addresses. | ||
| + | ** Automatic IP-MAC binding: automatically add IP-MAC addresses to "IP-MAC binding". | ||
| + | * Expired users can not access any authentication service. | ||
| + | * PPPoE properties are only valid to PPPoE users. | ||
| + | ** "Bandwidth Limit": limit this user's real-time bandwidth rate. | ||
| + | ** "Static IP": assign a static ip address to this user when this user is connected via pppoe or VPN. | ||
| + | [[File:Faq_en_account001.png|600px]] | ||
| + | |||
| + | == Third Party Accounts == | ||
| + | Users authenticated via third party authentication services will be listed. You can click "delete" to delete expired users. | ||
| + | * Third party authentication | ||
| + | ** "Email Authentication". | ||
| + | ** "Ldap Authentication". | ||
| + | ** "Radius Authentication". | ||
| + | * Access Type: | ||
| + | ** webauth: access via [[webauth|Web Auth]]. | ||
| + | ** pppoe: access via [[pppoe|PPPoE]]. | ||
| + | ** vpn: access via [[VPN|VPN]]. | ||
| + | |||
| + | [[File:Faq_account004.png|800px]] | ||
| + | |||
| + | == Login History == | ||
| + | Login history of users. | ||
| + | |||
| + | [[File:Faq_account003.png|800px]] | ||
| + | |||
| + | == Settings == | ||
| + | === Password Complexity and Expiry === | ||
| + | * Password Complexity. The following four password complexity requirements are supported: | ||
| + | ** None: No complexity requirements for passwords. | ||
| + | ** Basic level: The minimum length is 6. Common weak passwords, keyboard character sequences, repeated keys more than 3 times, and account name information are not allowed. | ||
| + | ** Intermediate level: On the basis of meeting the basic level, it also requires a minimum length of 8 and must contain 3 or more types of characters (uppercase letters, lowercase letters, numbers, special characters). | ||
| + | ** High strength: On the basis of meeting the basic level, it also requires a minimum length of 12 and must contain all 4 types of characters (uppercase letters, lowercase letters, numbers, special characters). | ||
| + | * Password Expiry. When password is expired, user will be redirected to password page upon successful logon. | ||
| + | |||
| + | [[File:Faq_account005.png|800px]] | ||
| + | |||
| + | == FAQ == | ||
Latest revision as of 10:58, 20 August 2025
Contents |
[edit] 1 Introduction
This module defines WFilter NGF's local accounts of, which can be used for:
For example, you can choose usernames in "Applied to" targets for polices:
[edit] 2 New Local Account
You need to configure account's username, password, valid date, group, sessions, mac binding, access priviledge and pppoe properties.
- Supported access type:
- "Concurrent Logins": maximum concurrent sessions of this user. No limit by default.
- "MAC Binding": supports "dynamic binding" and "static binding".
- Static: this user can only be connected from the bound MAC addresses. Multiple MACs are separated by commas.
- Dynamic1: bind this user to MAC address of the first time connection.
- Dynamic3: automatically bind the first three authenticated mac addresses.
- Dynamic5: automatically bind the first five authenticated mac addresses.
- Automatic IP-MAC binding: automatically add IP-MAC addresses to "IP-MAC binding".
- Expired users can not access any authentication service.
- PPPoE properties are only valid to PPPoE users.
- "Bandwidth Limit": limit this user's real-time bandwidth rate.
- "Static IP": assign a static ip address to this user when this user is connected via pppoe or VPN.
[edit] 3 Third Party Accounts
Users authenticated via third party authentication services will be listed. You can click "delete" to delete expired users.
- Third party authentication
- "Email Authentication".
- "Ldap Authentication".
- "Radius Authentication".
- Access Type:
[edit] 4 Login History
Login history of users.
[edit] 5 Settings
[edit] 5.1 Password Complexity and Expiry
- Password Complexity. The following four password complexity requirements are supported:
- None: No complexity requirements for passwords.
- Basic level: The minimum length is 6. Common weak passwords, keyboard character sequences, repeated keys more than 3 times, and account name information are not allowed.
- Intermediate level: On the basis of meeting the basic level, it also requires a minimum length of 8 and must contain 3 or more types of characters (uppercase letters, lowercase letters, numbers, special characters).
- High strength: On the basis of meeting the basic level, it also requires a minimum length of 12 and must contain all 4 types of characters (uppercase letters, lowercase letters, numbers, special characters).
- Password Expiry. When password is expired, user will be redirected to password page upon successful logon.
