Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

FAC-WiFi Users connect to SSID without username and password.

Dear team,


I have FortiGate configured as a Radius client and FAC as a Radius Server, the SSID use the Radius profiles for domain Wi-Fi authentication, however, it is requested to authenticate the WiFi Domain users without entering their domain credentials when they connect to WIFI SSID which has the Rduais profile defined.


it should be authenticated by using machine information.


I would appreciate any advice on how to accomplish this.




Using EAP-TLS that will use certificates instead of credentials is always preferred as it's more secure but it's also a bit complex to deploy the certificates and configure the supplicant on the end host. In windows setups, GPO can be used to make it transparent to the end user. This can be used both for user or machine authentication.

computer authentication.PNG

If TLS is not feasible for this setup you can use PEAP with machine authentication only. Every domain joined PC will have machine credentials that can be used to authenticate. FortiAuthenticator need to be joined in the domain in order to verify this machine credentials and from the LDAP configuration make sure to also include the OU where the computer accounts resides.


- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.