Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
colivero
Staff
Staff

Created on ‎08-01-2018 07:21 AM Edited on ‎04-06-2022 11:07 AM By Anonymous

Technical Note: Fortigate: Admin login with remote Radius and vdom access profile

Description

This article describes that in FortiOS v5, one may observe ‘authentication failure’ pop-up when an admin user attempt to authenticate thanks to a Radius server.
 
The following debug commands do NOT indicate why authentication fails.
 
diag debug app fnbamd -1
diag debug app radius -1

Scope



Solution
Verify which FGT interface receives the admin login request.
 
If the Login packet lands on a ‘root’ interface, the Radius server send back the required Fortinet 12356 vsa’s, and must add the string (‘root’) into the vsa Fortinet-Vdom-Name 3
ATTRIBUTE Fortinet-Group-Name 1 string (‘group-name’)
ATTRIBUTE Fortinet-Access-Profile 6 string (‘profile-name’)
ATTRIBUTE Fortinet-Vdom-Name 3 string (‘vdom-name’+ ‘root’)
 
If the packet lands on a ‘vdom-name’ interface, Radius server send back only the following vsa’s:
ATTRIBUTE Fortinet-Group-Name 1 string (‘group-name’)
ATTRIBUTE Fortinet-Access-Profile 6 string (‘profile-name’)
ATTRIBUTE Fortinet-Vdom-Name 3 string (‘vdom-name’)

Related Articles

Technical Tip: Remote admin login with Radius selecting admin access account profile

3352
0 Kudos
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.