Use these CLI commands to verify Active Directory (AD) binding and test user authentication on Zyxel firewalls. Covers legacy USG FLEX (ZLD) and USG FLEX H (uOS) models. For ZLD, use debug domain-auth to validate the AD profile; for uOS, use cmd aaa/cmd ldap-check to test AD and LDAP access.

USG FLEX (ZLD) — AD bind & user test

You can use the following commands to verify that:

debug domain-auth test profile-name [ad profile name] username [username] password [password]

Example

Check successful

Router> debug domain-auth test profile-name ad username test password 12345678
Using short domain name -- BE
Joined 'BGO-ZYXEL-NXC' to dns domain 'test.your-domain.com'
/usr/sbin/winbindd -s /var/zyxel//ZyXELad.conf
ntlm_auth --username=test --password=12345678
NT_STATUS_OK: Success (0x0)
/usr/bin/killwinbind ad

Check failed

Router> debug domain-auth test profile-name ZyXEL_AD username zt01806 password 12345678
The configure is not ok!

Which means you have to check the configuration on the firewall or windows server.