Fortimanager fortianalzyer mulitple groups RADIUS?

Forum|Forum|3 years ago
March 15, 2023
1 reply
1238 views

Longer story short. Looking to setup additional group access in these for read access etc etc.(Using existing RADIUS setup that gates and other network devices are using)

Group claims are not being seen on the FAC by these two platforms.

On gates you can assign a user group and then add the group attribute on the gate. On the manager etc there are no groups set themselves... Rather setting up of remote users. When adding multiple RADIUS policies to the FAC for these devices it basically errors out and doesn't select any group, rather the first group within the FAC.

Thanks

Best answer by mclut

Correct.

Currently as it stands the authenticator will only evaluate the top most policy from the analyzer or manager even if the RADIUS user has a set group attribute string set within them.

Edit found the solution. Issue was with multiple policies with same devices within each policy.

Markus_M

Staff & Editor

Hi,

I don't actually follow here. What are you trying to do?

If I understand correctly you want to match expected user groups to RADIUS clients to be evaluated by the FortiAuthenticator?

Best regards,

Markus

mclutAuthorAnswer

New Member

Correct.

Currently as it stands the authenticator will only evaluate the top most policy from the analyzer or manager even if the RADIUS user has a set group attribute string set within them.

Edit found the solution. Issue was with multiple policies with same devices within each policy.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded