Rainer_Stumbaum
New Member
May 8, 2013
Question

User Groups - Using Radius Server with Groups

Hi, we are trying to replace our LDAP authentication with RADIUS and want to use the Group Filter on the RADIUS users. RADIUS already works for WiFi for all users without a filter. But we need filtering there as well.

    diagnose test authserver local wifi-ssid-test testuser testpasswd
    authenticate user 'testuser' in group 'wifi-ssid-test' succeeded

works for local users, but when trying with a RADIUS account it does not work. Configuration looks like this:

    ...
    config user group
        edit "wifi-ssid-test"
            set member "myRADIUS" "testuser"
            config match
                edit 1
                    set server-name "myRADIUS"
                    set group-name "VPNAdmin"
                next
            end
        next
    end
    ...

Anybody else done that before?

Thanks
Rainer

    7 replies

    izatt82
    New Member
    May 8, 2013
    Can you explain this further? Is RADIUS auth working or not?
    Rainer_Stumbaum
    New Member
    May 8, 2013
    Hi, RADIUS auth itself just for a user works fine. What we are trying to establish is a firewall user group to which only some of all of the users on the RADIUS belong. Currently we use LDAP:

        config user group
            edit "vpn-ssl-portal-admin-group"
                set member "myLDAP"
                config match
                    edit 1
                        set server-name "myLDAP"
                        set group-name "CN=VPNAdmin,OU=T,OU=Gruppen,DC=ad,DC=corp,DC=local"
                    next
                end
            next
        end

    We want to try to use RADIUS instead...

    Cheers
    Rainer
    izatt82
    New Member
    May 13, 2013
    In the FortiGate user group you should be able to assign an AD group, if I remember correctly.
    Silver
    New Member
    July 15, 2013
    Dear all, I am trying to set up my wireless users to access the network using their domain credentials. I have set up a RADIUS server, and the test from the firewall to the RADIUS server succeeds, but users are not able to access the wireless network: invalid authentication. Can someone help me, please, step by step? Thanks.
    MaxCof
    New Member
    December 6, 2013
    Hello, I am replying very late... But to use authentication with RADIUS and authorization on an AD group, you can use a rule on your RADIUS server to return a special RADIUS attribute. You can find the attribute list at: http://docs.fortinet.com/fos50hlp/50/index.html#page/FortiOS%205.0%20Help/Servers.068.08.html

    When you create your user group on the firewall, you just specify the RADIUS server for authentication and define the AD user group. For this, with the attribute

        ATTRIBUTE Fortinet-Group-Name 1 string

    in your Access-Accept you need to see the attribute: Fortinet-Group-Name = [Your AD group].

    Now I have a problem when the user is in multiple user groups... If anyone knows how to do that...

    Thanks!
    izatt82
    New Member
    January 2, 2014
    Can you explain further? Multiple AD groups should not be a problem.
    izatt82
    New Member
    January 2, 2014

    My guide in this post is the best step-by-step I can give you. https://forum.fortinet.com/FindPost/87480