I have a really complex network which combines many different components and have to get it run for dot1x WiFi users authenticated via Cisco ISE which checks AD BUT at the same time the FSSO collector needs to grap that info so it can include the WiFi AD user in the fsso list. Cisco uses security group tags which are being send to Fortimanager via pxGrid but fortigate then has to apply new policies for that group. Instead of that if the above scenario works then the wifi user will fall into the existing policies using the AD groups from FSSO. I saw a workaround by sending radius accounting to fsso collector after enabling that feature.
I got the AP cisco meraki to send radius accounting not only to Cisco ISE but also to the server (AD) where the collector is installed. But do not see anything of the collector it self.
First of all, is the above scenario doable and if so is it a way to dig into fsso collector and see logs for radius accounting? Where i am supposed to see the user mapped with the IP show came via the radius accounting.