User Groups - Using Radius Server with Groups
Hi,
We are trying to replace our LDAP authentication with RADIUS and want to use the Group Filter on the RADIUS users.
RADIUS already works for WiFi for all users without a filter. But we need filtering there as well.
diagnose test authserver local wifi-ssid-test testuser testpasswd
authenticate user 'testuser' in group 'wifi-ssid-test' succeeded
works for local users, but when trying with a RADIUS account it does not work.
Configuration looks like this:
...
config user group
    edit "wifi-ssid-test"
        set member "myRADIUS" "testuser"
        config match
            edit 1
                set server-name "myRADIUS"
                set group-name "VPNAdmin"
            next
        end
    next
end
...
Anybody else done that before?
Thanks
Rainer
FGT620B Active-Passive Cluster (v4.0,build0689,140731 (MR3 Patch 18))
FGT80C Active-Passive Cluster (v4.0,build0689,140731 (MR3 Patch 18))
FAP220B (FAP22B-v5.0-build075)
Can you explain this further? Is RADIUS auth working or not?
Hi,
RADIUS auth itself, just for a user, works fine.
What we are trying to establish is a firewall user group to which only some of the users on the RADIUS server belong.
Currently we use LDAP:
config user group
    edit "vpn-ssl-portal-admin-group"
        set member "myLDAP"
        config match
            edit 1
                set server-name "myLDAP"
                set group-name "CN=VPNAdmin,OU=T,OU=Gruppen,DC=ad,DC=corp,DC=local"
            next
        end
    next
end
We want to try to use RADIUS instead...
Cheers
Rainer
FGT620B Active-Passive Cluster (v4.0,build0689,140731 (MR3 Patch 18))
FGT80C Active-Passive Cluster (v4.0,build0689,140731 (MR3 Patch 18))
FAP220B (FAP22B-v5.0-build075)
In the FortiGate user group you should be able to assign an AD group, if I remember correctly.
Dear all,
I am trying to set up my wireless users to access the network using their domain credentials. I have set up a RADIUS server, and the test from the firewall to the RADIUS server succeeds, but users are not able to access the wireless network: invalid authentication. Can someone help me, please?
thanks
step by step
Hello, I reply very late....
But to use authentication with RADIUS and authorization on an AD group,
you can use a rule on your RADIUS server to return a special RADIUS attribute.
You can find the attribute list at: http://docs.fortinet.com/fos50hlp/50/index.html#page/FortiOS%205.0%20Help/Servers.068.08.html
When you create your user group on the firewall, you just specify the RADIUS server for authentication and define the AD user group.
On this, with the attribute
ATTRIBUTE Fortinet-Group-Name 1 string
In your Access-Accept you need to see the attribute:
Fortinet-Group-Name = [Your AD group].
Now I have a problem when the user is in multiple user groups....
If anyone knows when I do that....
Thanks!
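The check described in the post above, as an added example that is not part of the original thread and not Fortinet's code: it parses a RADIUS Access-Accept and lists every Fortinet-Group-Name value, so the returned string can be compared with the group-name under config match. The sample packet is constructed, 12356 is Fortinet's IANA enterprise number, and the exact string comparison in matches_group is an assumption of this example.

```python
import struct

FORTINET_VENDOR_ID = 12356   # Fortinet's IANA enterprise number
FORTINET_GROUP_NAME = 1      # "ATTRIBUTE Fortinet-Group-Name 1 string" from the post
VENDOR_SPECIFIC = 26         # RADIUS Vendor-Specific attribute (RFC 2865)
ACCESS_ACCEPT = 2            # RADIUS packet code

def vsa(vendor_type, value, vendor_id=FORTINET_VENDOR_ID):
    """Encode one Vendor-Specific attribute carrying a single sub-attribute."""
    sub = bytes([vendor_type, 2 + len(value)]) + value
    return bytes([VENDOR_SPECIFIC, 6 + len(sub)]) + struct.pack("!I", vendor_id) + sub

def build_access_accept(groups, identifier=1):
    """Constructed sample packet; the 16-byte authenticator is zeroed, not computed."""
    attrs = b"".join(vsa(FORTINET_GROUP_NAME, g.encode()) for g in groups)
    header = struct.pack("!BBH", ACCESS_ACCEPT, identifier, 20 + len(attrs))
    return header + bytes(16) + attrs

def fortinet_groups(packet):
    """Return every Fortinet-Group-Name value found in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    groups, pos = [], 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        body = packet[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC or len(body) < 4:
            continue                              # not a vendor attribute
        if struct.unpack("!I", body[:4])[0] != FORTINET_VENDOR_ID:
            continue                              # another vendor's VSA
        sub = body[4:]
        while len(sub) >= 2:                      # walk the vendor sub-attributes
            stype, slen = sub[0], sub[1]
            if slen < 2 or slen > len(sub):
                raise ValueError("malformed vendor sub-attribute")
            if stype == FORTINET_GROUP_NAME:
                groups.append(sub[2:slen].decode("utf-8", "replace"))
            sub = sub[slen:]
    return groups

def matches_group(packet, configured_group_name):
    """Assumption of this example: the returned string is compared exactly."""
    return configured_group_name in fortinet_groups(packet) and packet[0] == ACCESS_ACCEPT
```

Feed it the raw UDP payload of an Access-Accept taken from a packet capture; an empty list means the RADIUS policy is not returning the attribute at all.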
Can you explain further? Multi AD groups should not be a problem.
My guide in this post is the best step by step I can give you. https://forum.fortinet.com/FindPost/87480
