Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ssriswadpong
Staff
Staff

Created on ‎07-29-2022 04:03 AM

Article Id 218942

Technical Tip: RSSO is not working with the error logdesc='RADIUS accounting profile not found' reason='Missing profile name'

Description This article describes the RSSO error message logdesc='RADIUS accounting profile not found' reason='Missing profile name' in User Events log.
Scope RSSO in FortiGate and FortiProxy.
Solution

'Missing Profile Name' means FortiGate/FortiProxy does not receive the  RADIUS Attribute Value.

This RADIUS Attribute Value by default is the 'Class' attribute.

The FortiGate/FortiProxy uses the content of this attribute in RADIUS accounting start messages to map a user to a FortiGate group, which then can be used in firewall policies.

 

RADIUS Attribute Value can be set to the other value by:

 

# config user radius

    edit "Local RSSO Agent" 

        set sso-attribute <attribute>

    next

end

 

Example.

A Cisco 9800 Wireless Controller cannot send Class attribute, so 'NAS-Identifier' is used instead of Class attribute.

 

# config user radius set rsso enable

    set rsso-radius-response enable
    set rsso-validate-request-secret enable
    set rsso-secret <secret>
    set rsso-endpoint-attribute User-Name
    set sso-attribute NAS-Identifier

end
717
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.