FortiGate
anderson_yee
Staff
Article Id 322330
Description This article describes the solution when a remote RADIUS user is incorrectly authenticated as a local user group member.
Scope FortiOS, RADIUS authentication.
Solution

For example, two user groups (LOCAL and RADIUS) are configured on FortiGate as follows:

  • The LOCAL user group has a local user: 'local1'.
  • The RADIUS user group has a remote RADIUS user: 'radius'.



The issue happens when the RADIUS user ('radius') is incorrectly authenticated as a member of the 'LOCAL' user group even though it is not configured as one of its members.



This issue is caused by the 'set all-usergroup' setting being enabled under the RADIUS server configuration on FortiGate.

  • Enabling this feature will automatically include this RADIUS server in ALL user groups (including local user groups).
  • Disabling this feature will resolve this issue and prevent RADIUS users from being incorrectly authenticated as a local user group member.


User 'radius' should only be authenticated as a 'RADIUS' group member and not as a 'LOCAL' group member after disabling the feature.

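One way to check a configuration backup for this setting, as an added example that is not part of the original article or Fortinet's own tooling: the Python function below lists every RADIUS server entry that contains 'set all-usergroup enable'. The sample configuration and the server names RAD-VPN and RAD-WIFI are constructed for illustration, and the parser assumes no multi-line quoted values inside the RADIUS table.

```python
import re

# Constructed sample in FortiOS backup syntax; names and addresses are made up.
SAMPLE_CONFIG = """\
config user radius
    edit "RAD-VPN"
        set server "192.0.2.10"
        set all-usergroup enable
        config accounting-server
            edit 1
                set status enable
            next
        end
    next
    edit "RAD-WIFI"
        set server "192.0.2.11"
    next
end
config user group
    edit "LOCAL"
        set member "local1"
    next
end
"""

def radius_servers_in_all_groups(config_text):
    """Return names of RADIUS servers that have 'set all-usergroup enable'."""
    flagged, depth, radius_depth, server = [], 0, None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if line == "config user radius" and radius_depth is None:
                radius_depth = depth      # may be nested, e.g. under 'config vdom'
        elif line == "end":
            if depth == radius_depth:
                radius_depth = None       # left the RADIUS server table
            depth -= 1
        elif depth == radius_depth:       # lines of the server entry itself
            m = re.match(r'edit\s+"?(.*?)"?$', line)
            if m:
                server = m.group(1)
            elif line == "next":
                server = None
            elif server and line.split() == ["set", "all-usergroup", "enable"]:
                flagged.append(server)
    return flagged

if __name__ == "__main__":
    for name in radius_servers_in_all_groups(SAMPLE_CONFIG):
        print(f"{name}: all-usergroup enabled, server is included in every user group")
```

Any server the function reports is included in all user groups, local ones too, until 'set all-usergroup disable' is applied to it.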