Description
This article describes how to configure the FortiPortal (FPC) remote authentication by using FortiAuthenticator (FAC) RADIUS service.
Scope
FortiPortal version 6.0.
Solution
FortiPortal.
1) Create Customer Domains: Go to FortiPortal -> Customers -> Domains -> Key in value -> Create
Note: This value will be used in FortiAuthenticator RADIUS User Attributes -> 'Fortinet-tenant-identification'.
2) Get Customer site name: Go to FortiPortal -> Customers -> Sites -> Site Names
Note: These values (site names) will be used in FortiAuthenticator RADIUS User Attributes -> 'Fortinet-fpc-tenant-user-sites'.
3) Enable FortiPortal remote authentication: Go to FortiPortal -> Admin -> Settings -> User Authentication. Set 'Authentication Access' to 'Remote', set 'Remote Server' to 'RADIUS', and enter the values according to the RADIUS server configuration.
4) Verify all the values and select 'Submit'.
FortiAuthenticator.
1) Create a Local User / Remote User and make sure to enable 'Allow RADIUS authentication'.
2) Next, add the following 'RADIUS Attributes' to the user(s) that need to log in to FortiPortal via RADIUS.
3) Next, create RADIUS Service in FortiAuthenticator: Go to FortiAuthenticator -> RADIUS Service -> Clients -> Create New
4) Create RADIUS Service Policies: Go to FortiAuthenticator -> RADIUS Service -> Policies -> Create New
Test Scenario.
1) Go to the FortiPortal GUI and log in with the RADIUS user created in FAC.
Troubleshooting guide.
1) Check logs from FortiAuthenticator: Go to FortiAuthenticator -> Logging -> Log Access -> Logs.
2) Check logs from FortiPortal GUI: Go to FortiPortal -> Admin -> System Log -> Start, then log in with the RADIUS user and capture the logs from System Log.
Alternatively, check the logs from FortiPortal over SSH:
# exec shell-
3) If 'Radius Role does not match with FPC role' appears, the RADIUS user attribute does not match a FortiPortal RADIUS role.
RADIUS attribute: Fortinet-fpc-user-role. FortiPortal: Admin -> Settings -> User Authentication -> View Radius Roles.
4) If 'There is no domain match for the user entered' appears, the RADIUS user attribute does not match a FortiPortal customer domain.
RADIUS attribute: fortinet-tenant-identification. FortiPortal: Customer -> Edit Customer -> Customer Details -> Domains.
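The two mismatches above can be caught before a login attempt by comparing the attribute values entered in FortiAuthenticator with the roles, domains and site names shown in FortiPortal. The following is an added example, not Fortinet code: the function names and sample values are hypothetical, and it assumes FortiPortal compares the values as exact strings and that the site names are supplied as a list.

```python
ROLE_ATTR = "Fortinet-fpc-user-role"
DOMAIN_ATTR = "Fortinet-tenant-identification"
SITES_ATTR = "Fortinet-fpc-tenant-user-sites"
ROLE_ERROR = "Radius Role does not match with FPC role"
DOMAIN_ERROR = "There is no domain match for the user entered"

def check_value(attr, value, allowed, error):
    """Return None on an exact match (assumed comparison), else a finding dict."""
    if value in allowed:
        return None
    finding = {"attribute": attr, "value": value, "expected_error": error}
    # Case or stray-whitespace differences are easy to miss when copying
    # values between the two GUIs, so call them out explicitly.
    folded = (value or "").strip().lower()
    for candidate in allowed:
        if folded and candidate.strip().lower() == folded:
            finding["hint"] = f"differs from {candidate!r} only by case/whitespace"
            break
    return finding

def preflight(user_attrs, fpc_roles, customer):
    """Compare one user's RADIUS attributes with FortiPortal settings.

    customer: {"domains": [...], "sites": [...]} copied from the FortiPortal GUI.
    """
    checks = [
        (ROLE_ATTR, user_attrs.get(ROLE_ATTR), fpc_roles, ROLE_ERROR),
        (DOMAIN_ATTR, user_attrs.get(DOMAIN_ATTR), customer["domains"], DOMAIN_ERROR),
    ]
    # The page gives no log message for a site mismatch, so none is predicted.
    for site in user_attrs.get(SITES_ATTR, []):
        checks.append((SITES_ATTR, site, customer["sites"], None))
    findings = [check_value(*c) for c in checks]
    return [f for f in findings if f is not None]

if __name__ == "__main__":
    # Constructed sample data, not taken from a real deployment.
    roles = ["Customer_Admin", "Customer_ReadOnly"]
    customer = {"domains": ["example.com"], "sites": ["HQ", "Branch-1"]}
    user = {ROLE_ATTR: "customer_admin", DOMAIN_ATTR: "example.com",
            SITES_ATTR: ["HQ", "Branch-2"]}
    for finding in preflight(user, roles, customer):
        print(finding)
```

An empty result means every attribute value has an exact counterpart in FortiPortal; a finding with a `hint` points at a value that was most likely mistyped rather than missing.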