Skip to main content
Lasse_ju
Lasse_ju
Visitor III
February 7, 2025
Solved

FortiAuthenticator - Radius authentication for administrators.

  • February 7, 2025
  • 3 replies
  • 1269 views

Hi,

I'm looking to add radius authentication for administrators on the FAC in our deployment, currently we're using simple local users.
I would like the Radius request to be sent to a remote radius server, from the FAC. 

The FortiAuthenticator is running version v6.6.2, build1669 (GA).
I can't find any cookbooks or guides on how to enable radius for administrators using a remote radius servers. 

Is anyone able to provide me with either a guide, or some assistance ?
Thanks in advance!

Best answer by Toshi_Esumi

Unless the same RADIUS server is already used for "user" authentication like for SSL VPN with tokens, it should be simple like:
1) set up a Remote Auth. Server w/ RADIUS
2) define Admin users (you need to configure each locally) under User Management->Remote Users->RADIUS with the server you configured in 1) then set Role:Administrator.

We don't/can't do this because we're using the same remote auth server for SSL VPN authentication and we can't set both roles, Administrator and User, for one user. So we still use local admin with a slightly different username from the remote auth server for all admins.
Ours is still 6.5.5 but I'm assuming 6.6.x is quite similar if not the same. Although I didn't find any documentation about that but it was relatively intuitive and I could set it up (although found I couldn't because of the reason above) myself.

Toshi

3 replies

Anthony_E
Staff
Anthony_E
Staff
February 10, 2025

Hello,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Best Regards
Toshi_Esumi
SuperUser
Toshi_EsumiAnswer
SuperUser
February 10, 2025

Unless the same RADIUS server is already used for "user" authentication like for SSL VPN with tokens, it should be simple like:
1) set up a Remote Auth. Server w/ RADIUS
2) define Admin users (you need to configure each locally) under User Management->Remote Users->RADIUS with the server you configured in 1) then set Role:Administrator.

We don't/can't do this because we're using the same remote auth server for SSL VPN authentication and we can't set both roles, Administrator and User, for one user. So we still use local admin with a slightly different username from the remote auth server for all admins.
Ours is still 6.5.5 but I'm assuming 6.6.x is quite similar if not the same. Although I didn't find any documentation about that but it was relatively intuitive and I could set it up (although found I couldn't because of the reason above) myself.

Toshi

    Lasse_ju
    Lasse_juAuthor
    Visitor III
    February 10, 2025

    Hi Toshi, 

    Creating the users manually seems to have done the trick, thanks for the assistance!

    Kind regards

    Terms & ConditionsAccessibility statement