FAC-WiFi Users connect to SSID without username and password.

Mohammedsalhi · ‎10-04-2023

Dear team,

I have FortiGate configured as a Radius client and FAC as a Radius Server, the SSID use the Radius profiles for domain Wi-Fi authentication, however, it is requested to authenticate the WiFi Domain users without entering their domain credentials when they connect to WIFI SSID which has the Rduais profile defined.

it should be authenticated by using machine information.

I would appreciate any advice on how to accomplish this.

rbraha · ‎10-04-2023

Hi @Mohammedsalhi ,please take a look of the below documentation, it might help.

https://docs.fortinet.com/document/fortiauthenticator/6.5.0/cookbook/197391/creating-a-wireless-gues...

ebilcari · ‎10-08-2023

Using EAP-TLS that will use certificates instead of credentials is always preferred as it's more secure but it's also a bit complex to deploy the certificates and configure the supplicant on the end host. In windows setups, GPO can be used to make it transparent to the end user. This can be used both for user or machine authentication.

If TLS is not feasible for this setup you can use PEAP with machine authentication only. Every domain joined PC will have machine credentials that can be used to authenticate. FortiAuthenticator need to be joined in the domain in order to verify this machine credentials and from the LDAP configuration make sure to also include the OU where the computer accounts resides.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.