Description | This article describes how to configure FortiAuthenticator to integrate Linux Ubuntu (radius client). FortiToken Mobile as two factor authentication. |
Scope | FortiAuthenticator, Linux Ubuntu. |
Solution |
Linux Ubuntu configuration.
sudo apt-get install libpam-radius-auth
sudo nano /etc/pam_radius_auth.conf
sudo nano /etc/pam.d/sshd
sudo nano /etc/ssh/sshd_config
Note: the keyboard-interactive authentication protocol in SSHv2 is effectively the replacement for the challenge-response protocol in SSHv1
systemctl restart sshd
sudo useradd fac_teo
FortiAuthenticator configuration.
Select 'Next' until the end and select 'Save and exit'.
Test result: Login using username + password then it will prompt for FortiToken code.
Verify the log from FortiAuthenticator under Logging -> Logs.
Note:
To help with troubleshooting, additional logs can be gathered from the FortiAuthenticator Debug page. Navigate to https://<FortiAuthenticator-IP-or-FQDN>/debug, then select RADIUS -> Authentication. Make sure to enable debug mode or detailed debug mode to capture the necessary details.
For more debug information, check the documentation: Debug Logs FortiAuthenticator.
Additionally, a packet capture can provide valuable insights into the RADIUS messages exchanged with the client. This capture can be performed through the CLI with the following command:
execute tcpdump -nnvvi any port 1812
|