Mohammedsalhi
Explorer
October 4, 2023
Question

FAC-WiFi Users connect to SSID without username and password.


Dear team,

I have FortiGate configured as a RADIUS client and FAC as a RADIUS server. The SSID uses the RADIUS profile for domain Wi-Fi authentication; however, it is requested to authenticate the Wi-Fi domain users without them entering their domain credentials when they connect to the Wi-Fi SSID that has the RADIUS profile defined.

It should be authenticated using machine information.

I would appreciate any advice on how to accomplish this.

2 replies

rbraha
Staff
October 4, 2023

Hi @Mohammedsalhi, please take a look at the documentation below; it might help.

https://docs.fortinet.com/document/fortiauthenticator/6.5.0/cookbook/197391/creating-a-wireless-guest-ssid-on-fortigate

ebilcari
Staff
October 8, 2023

Using EAP-TLS, which uses certificates instead of credentials, is always preferred as it's more secure, but it's also a bit complex to deploy the certificates and configure the supplicant on the end host. In Windows setups, GPO can be used to make it transparent to the end user. This can be used for either user or machine authentication.


If TLS is not feasible for this setup, you can use PEAP with machine authentication only. Every domain-joined PC will have machine credentials that can be used to authenticate. FortiAuthenticator needs to be joined to the domain in order to verify these machine credentials, and in the LDAP configuration make sure to also include the OU where the computer accounts reside.


Emirjon
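
The LDAP scope point in the reply above, as an added example that is not part of the original thread or any Fortinet code: a Python check that computer account DNs exported from the directory fall under the base DN configured for the LDAP server. The DNs are constructed sample values and the function names are hypothetical.

```python
# Added example: verify that computer accounts sit inside the LDAP base DN.
# All DNs below are constructed sample values, not taken from the thread.

def normalize_rdn(rdn):
    """Lower-case one RDN and trim spaces (AD compares DNs case-insensitively)."""
    attr, _, value = rdn.partition("=")
    return f"{attr.strip().lower()}={value.strip().lower()}"

def split_dn(dn):
    """Split a DN into normalized RDNs, honouring backslash-escaped commas."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if ch == ",":                    # unescaped comma ends an RDN
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return [normalize_rdn(p) for p in parts if p.strip()]

def in_scope(entry_dn, base_dn):
    """True if entry_dn is the base DN itself or lies in its subtree."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return bool(base) and len(entry) >= len(base) and entry[-len(base):] == base

def out_of_scope(computer_dns, base_dn):
    """Computer accounts that a search rooted at base_dn would not find."""
    return [dn for dn in computer_dns if not in_scope(dn, base_dn)]

BASE_STAFF_ONLY = "OU=Staff,DC=example,DC=local"   # base DN that misses computers
BASE_DOMAIN = "dc=example, dc=local"               # base DN covering the domain
COMPUTERS = [
    "CN=LAPTOP-01,OU=Workstations,OU=Staff,DC=example,DC=local",
    "CN=LAPTOP-02,CN=Computers,DC=example,DC=local",
    "CN=LAPTOP-03,OU=Sales\\, EMEA,DC=example,DC=local",
]

if __name__ == "__main__":
    for base in (BASE_STAFF_ONLY, BASE_DOMAIN):
        missed = out_of_scope(COMPUTERS, base)
        print(f"base DN {base!r}: {len(missed)} computer account(s) out of scope")
        for dn in missed:
            print("  ", dn)
```
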