Technical Tip: RADIUS processing stops in distributed deployment

Description

Scope

Version:  8.5.3, 8.6.1, 8.7.0 and above.

Solution

Addressed in 8.6.4 and 8.7.2 with an additional step of modifying a property file to disable remote host lookups for RADIUS authentication.  For assistance, contact Support.

Note.
The steps below instruct modifying the property file prior to upgrading.  The modification of this file can be done either before or after the upgrade, however, an additional restart of processes on every Primary Control Server will be required if modified after.

1. Log in to CLI as root.
2. Go to the /bsc/campusMgr/master_loader directory.
3. Use an editor such as VI to open the .masterPropertyFile file.
4. Add the following entry and save the file:
   
   FILE_NAME=./properties_plugin/radiusManager.properties
   

   {
   com.bsc.plugin.radius.RadiusServer.disableRemoteClientLookups=true
   }
   
   

    

5. Upgrade appliances. For details, refer to the Upgrade Instructions and Considerations guide in the Fortinet Document Library.
   
   

6. The radiusManager.properties file should now reflect the changes.  To view, login to the appliance CLI and type:
   
   

cat /bsc/campusMgr/master_loader/properties_plugin/radiusManager.properties | grep disableRemoteClientLookups

1. Modify the file as described above (steps 1-4).
   
   
2. Stop processes. Type.
   
   shutdownNAC
   
   
3. Wait 30 seconds.
   
   
4. Start processes. Type.
   
   startupNAC
   
   
5. The radiusManager.properties file reflects now the changes.  To view, login to the appliance CLI and type:
   
   

cat /bsc/campusMgr/master_loader/properties_plugin/radiusManager.properties | grep disableRemoteClientLookups