Hello,
I'm checking the possibility of local RADIUS using local user accounts(the ones created on FortiNAC) for authenticating user in Wireless 802.1x setup. As per my observation, it takes the LDAP user database by default.
Is there any configuration that needs to be done for this to work?
Thanks
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello Bala 2493,
Thank you for using the Community Forum.
I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Regards,
Hi Bala,
For local authentication in FortiNAC you should use an authentication policy using local configuration:
Policy & Objects>Authentication>>Configuration:
Select authentication method and in the dropdown menu select "local"
Create a policy using this configuration and make sure you host matches the User&Host profile for this policy.
If this helps to get it working as you need, thumbs up are welcome :)
Best regards.
Ezequiel.
Hi Ezequiel,
I'm aware of the Authentication policy and the same has been configured. But with regards to Wireless, how do we authenticate users using FortiNAC's local database instead of LDAP in Local RADIUS setup? Under the RADIUS service logs I see a RADIUS-Reject since it's referring to the LDAP instead of Local database.
As per my understanding, the policy engine is triggered only if a host record is created in FortiNAC but in my case the user doesn't even get connected to the SSID since the RADIUS authentication itself is failing with local credentials.
Regards,
-Bala
Hi Bala,
Have you tried to right-click on the SSID>SSID configuration> and selecting Radius mode as local ?
Which kind of controller are you trying to integrate, we have different deployment guides for different brands.
Reference Manuals:
https://docs.fortinet.com/product/fortinac/8.8
https://docs.fortinet.com/document/fortinac/8.8.0/wifi-802-1x-based-network-using-fortinac-local-rad...
Best regards.
Ezequiel.
Hi Bala,
Can you please configure the following:
1) Create a local user under User& Hosts >> User Accounts and assign it to a new Role (for example local-radius-role).
2) Create a new user group under System >> Groups example:
- Name: Local-User-GRP
- Member Type: User
- Selected Members: "radiususer"
3) Create a new User/Host Profiles (UHP) with the following:
-Who/What by Group: Local-User-GRP
-Who/What by Attribute: User[Role: local-radius-role]
4) Create a Network Access Policy and assign the UHP created to it.
*****
If a reply addresses your issue, please click on "Give Kudos"
*****
Best Regards,
Hawada1
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1710 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.