vijayakumar
New Contributor

FortiSASE is not identifying the user group from the AD Server through the RADIUS server.

FortiSASE is pointing only to the default profile, so only one user group is working through the RADIUS server; it is not pointing to the second profile's user group. Can anyone help me with this issue?

 

I have two user groups created in the AD server and added to the RADIUS server, so now FortiSASE does not identify the two groups, but I configured two groups in FortiSASE.

 

 

Jean-Philippe_P
Moderator

Hello vijayakumar, 

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

 

Thanks, 

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Moderator

Hello,

 

We are still looking for an answer to your question.

 

We will come back to you ASAP.

 

Thanks,

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Moderator

Hello again vijayakumar,

 

I found this solution. Can you tell me if it helps, please?

 

To address the issue of FortiSASE not recognizing the two user groups configured in the RADIUS server, follow these steps:

 

  1. Verify AD and RADIUS Configuration:
    - Ensure that both user groups are correctly configured in the Active Directory (AD) and are properly added to the RADIUS server.
    - Check that the RADIUS server is correctly communicating with the AD server and that the user groups are being recognized.

  2. Check FortiSASE Configuration:
    - Go to `Configuration > Profiles` in FortiSASE.
    - Ensure that both user groups are correctly configured and assigned to the appropriate profiles in FortiSASE.
    - Verify that the profiles are set to match the user groups from the AD server.

  3. Synchronize AD Connection:
    - Go to `Configuration > Domains` in FortiSASE.
    - Click on the AD domain card and click `Sync` to synchronize the AD connection with any updates from the AD server.

  4. Review Profile Assignment:
    - Ensure that the endpoint profiles are prioritized and assigned correctly based on matching AD domain users and groups.
    - Check if the profiles are being assigned based on endpoints assigned to different non-AD groups if applicable.

  5. Test Connectivity:
    - Test the connectivity and authentication for both user groups to ensure they are being recognized by FortiSASE.

 

If the issue persists after following these steps, consider reviewing the logs for any errors or misconfigurations and consult Fortinet support for further assistance.

Jean-Philippe - Fortinet Community Team