Staff

Troubleshooting Tip: Custom NAS-ID is not working as expected

Forum|Forum|1 year ago
October 16, 2024
0 replies
520 views

Description

This article describes a solution for a situation where, even though the custom NAS-ID is configured, FortiGate is still sending the hostname as the NAS-ID in 7.2.x versions.

Scope

FortiGate.

Solution

As a new feature in v7.2.0, RADIUS NAS-ID can be configured as a custom or hostname so that FortiGate can use the user NAS-ID in its access-request.

config user radius

    edit < server >
        set nas-id-type custom
        set nas-id Fortinas
    next
end

In the wireshark capture below, it is seen that FortiGate is sending the hostname as NAS-ID, which is not expected.

RADIUS Protocol
Code: Access-Request (1)
Packet identifier: 0x0 (0)
Length: 124
Authenticator: abc3946e1e24169150998e772ef3669e
[The response to this request is in frame 2]
Attribute Value Pairs
AVP: t=NAS-Identifier(32) l=13 val=z0089twofafw
Type: 32
Length: 13
NAS-Identifier: z0089twofafw

In 7.2.x versions, this new feature is only supported on wireless authentication. When using other authentication methods, the custom NAS-ID feature will be supported in version 7.4.2 and above. In order to use any other authentication methods with a custom NAS-ID, upgrade to v7.4.2 or above.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded