FortiAuthenticator
FortiAuthenticator provides access management and single sign on.
rbraha
Staff
Article Id 221250

Description

 

This article describes how to log in to FortiAuthenticator as an administrator authenticated by an external RADIUS server.

 

Scope

 

FortiAuthenticator

 

Solution

 

This article uses two FortiAuthenticator units: the first is the RADIUS client and the second is the RADIUS server.

 

On the second FortiAuthenticator, configured as the RADIUS server, the first FortiAuthenticator is added as a RADIUS client and is also added to the RADIUS policy.

 


 


 

The other tabs of the RADIUS policy remain the same; only under Identity source, specify the realm and the user group that were created earlier for the users imported from AD.

 


 

To import LDAP users from AD and create a realm on FortiAuthenticator, follow the KB articles below. The remote users can have a token for 2FA authentication.

 

https://community.fortinet.com/t5/FortiAuthenticator/Technical-Tip-How-to-import-remote-LDAP-user-in...

 

https://community.fortinet.com/t5/FortiAuthenticator/Technical-Tip-FortiAuthenticator-realm-based-au...

 


 

On the first FortiAuthenticator, create a new RADIUS server under Authentication -> Remote Auth. Servers -> RADIUS -> Create.

 


 

Under User Management -> Remote Users, select RADIUS -> Create New.

 

Create the new user as an administrator with full access permissions, using the same username as the user imported on the second FortiAuthenticator (the RADIUS server).

 


 

Create a user group and add this user to the group.

 


 

Create a realm here with the same name as the domain, and select the RADIUS server as the user source.

 


 

Go to System Access -> Administration and, in the Realm section, select the realm and the group that were created before.

 


 

Test by logging in with the username gatuzo; the login was successful.

 


 

On the second FortiAuthenticator (the RADIUS server), check the RADIUS debug logs.

 

