Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Rainer_Stumbaum
New Contributor

User Groups - Using Radius Server with Groups

Hi, we are trying to replace our LDAP authentication with RADIUS and want to use the Group Filter on the RADIUS users. RADIUS already works for WiFi for all users without a filter. But we need filtering there as well. diagnose test authserver local wifi-ssid-test testuser testpasswd authenticate user ' testuser' in group ' wifi-ssid-test' succeeded works for local users, but when trying with a RADIUS account it does not work. Configuration looks like this: ... config user group edit " wifi-ssid-test" set member " myRADIUS" " testuser" config match edit 1 set server-name " myRADIUS" set group-name " VPNAdmin" next end next end ... Anybody else done that before? Thanks Rainer
FGT620B Active-Passive Cluster (v4.0,build0689,140731 (MR3 Patch 18)) FGT80C Active-Passive Cluster (v4.0,build0689,140731 (MR3 Patch 18)) FAP220B (FAP22B-v5.0-build075)
FGT620B Active-Passive Cluster (v4.0,build0689,140731 (MR3 Patch 18)) FGT80C Active-Passive Cluster (v4.0,build0689,140731 (MR3 Patch 18)) FAP220B (FAP22B-v5.0-build075)
7 REPLIES 7
izatt82
New Contributor

can you explain this further. Is radius auth working or not?
Rainer_Stumbaum
New Contributor

Hi, radius auth itself just for a user works fine. What we are trying to establish is a firewall user group to which only some of all of the users on the radius belong. Currently we use LDAP: config user group edit " vpn-ssl-portal-admin-group" set member " myLDAP" config match edit 1 set server-name " myLDAP" set group-name " CN=VPNAdmin,OU=T,OU=Gruppen,DC=ad,DC=corp,DC=local" next end next end We want to try to use RADIUS instead... Cheers Rainer
FGT620B Active-Passive Cluster (v4.0,build0689,140731 (MR3 Patch 18)) FGT80C Active-Passive Cluster (v4.0,build0689,140731 (MR3 Patch 18)) FAP220B (FAP22B-v5.0-build075)
FGT620B Active-Passive Cluster (v4.0,build0689,140731 (MR3 Patch 18)) FGT80C Active-Passive Cluster (v4.0,build0689,140731 (MR3 Patch 18)) FAP220B (FAP22B-v5.0-build075)
izatt82
New Contributor

in the fortigate user group you should be able to assign an AD group if i remember correctly.
Silver
New Contributor

Dear all, i am trying to setting up my wireless user to access the network using their domain credential. i have setting up a radius server and test from firewall to radius server success but user are not able to access the wireless network. invalid authentication can someone help me plz thanks step by step
MaxCof
New Contributor

Hello i Reply very later.... But to use authentication with RADIUS and autorization on AD group, You can use a rules on your Radius to return an special attributes radius : you can find the attribute list on : http://docs.fortinet.com/fos50hlp/50/index.html#page/FortiOS%205.0%20Help/Servers.068.08.html when you create your user group on firewall , you just specify the radius server to authentication and define the usergroup AD . On this, with the attribute ATTRIBUTE Fortinet-Group-Name 1 string In your access-Accept you need to see attributes : Fortinet-Group-Name = [Your AD group]. Now i have a problem when the user are in multiple usergroup.... If anyone know when i do that.... Thanks !
izatt82
New Contributor

can you explain further? multi AD groups should not be a problem.
izatt82
New Contributor

My guide in this post is the best step by step i can give you. https://forum.fortinet.com/FindPost/87480

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors