Description
This article expands upon the FortiAuthenticator administration guide here:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/704851/user-managem...
It illustrates in greater detail how to configure multiple domains as realms and include them in one RADIUS client policy.
Solution
FortiAuthenticator allows one RADUS client to authenticate against multiple domains by use of the Realm feature.
Realms can be configured as seen here: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/485114/realms
Realms can refer to remote authentication servers (different LDAP or RADIUS servers for different domains, for example), or to the local FortiAuthenticator database.
Once realms are configured, however, it needs to be bound into the RADIUS client profile.
This can be done as follows:
Multiple realms can be added, and one realm can be set as default.
Users will need to authenticate with the domain (and the realm on FortiAuthenticator needs to have the same name as the domain), in the specified input format.
If users do not specify the domain/realm, the FortiAuthenticator will only try to authenticate the users against the default realm.
Related Article:
