Description | This article describes how to configure FortiAuthenticator to integrate Linux Ubuntu (radius client). FortiToken Mobile as two factor authentication. |
Scope | FortiAuthenticator, Linux Ubuntu. |
Solution |
Linux Ubuntu configuration.
sudo apt-get install libpam-radius-auth
sudo nano /etc/pam_radius_auth.conf
sudo nano /etc/pam.d/sshd
sudo nano /etc/ssh/sshd_config
Note: the keyboard-interactive authentication protocol in SSHv2 is effectively the replacement for the challenge-response protocol in SSHv1
systemctl restart sshd
sudo useradd fac_teo
FortiAuthenticator configuration.
Select 'Next' until the end and select 'Save and exit'.
Test result: Login using username + password then it will prompt for FortiToken code.
Verify the log from FortiAuthenticator under Logging -> Logs.
Note:
To help with troubleshooting, additional logs can be gathered from the FortiAuthenticator Debug page. Navigate to https://<FortiAuthenticator-IP-or-FQDN>/debug, then select RADIUS -> Authentication. Make sure to enable debug mode or detailed debug mode to capture the necessary details.
For more debug information, check the documentation: Debug Logs FortiAuthenticator.
Additionally, a packet capture can provide valuable insights into the RADIUS messages exchanged with the client. This capture can be performed through the CLI with the following command:
execute tcpdump -nnvvi any port 1812
|
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.