Sivasakthi
New Contributor

How can I set my primary authentication as RADIUS and secondary as Local?

I have integrated my FortiGate with the RADIUS server and it is working fine, but in parallel my local authentication is also working. How shall I set my RADIUS authentication as primary and local as secondary?

2 Solutions
Sivasakthi
New Contributor

After entering the commands below, I am able to set RADIUS as the primary authentication: while RADIUS is enabled the local user credentials do not work, as I want, and in the absence of the RADIUS server my local user credentials are usable.

config system global
    set admin-restrict-local disable
    set admin-restrict-local enable
end


srajeswaran

Adding the article below, which explains the details, for the benefit of other users who may hit this.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Restrict-local-admin-authentication-when-r...

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.


4 Replies
rbraha
Staff

Hi @Sivasakthi

By default, FGT will check the local database first for every request; if the user is not found there, it will proceed with whichever server (RADIUS, LDAP) replies first to authenticate users. You could probably use Realms in the SSL VPN settings; this needs to be enabled in Feature Visibility.

Please check the documentation below, which explains the authentication process in detail.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-A-quick-guide-to-FortiGate-SSL-VPN-authent...

srajeswaran
Staff

I think the best approach will be to keep just 1 or 2 local admin accounts and have the remaining users use remote login.
Or you can configure all accounts as remote/RADIUS; while configuring the RADIUS user itself, it will ask you to specify a backup password to use in case RADIUS is not reachable.

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
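
A check that could be run over a configuration backup to confirm that the admin-restrict-local setting from the accepted solution is in place and to list administrator accounts that still authenticate only locally. This is an added example, not code from the thread or from Fortinet; the sample backup and the names in it ("netops", "RADIUS-ADMINS") are constructed, and the parser assumes the usual config/edit/set/next/end layout of a FortiOS backup.

```python
# Constructed sample of a FortiOS configuration backup (not from the thread).
SAMPLE_CONFIG = '''\
config system global
    set admin-restrict-local enable
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "netops"
        set remote-auth enable
        set remote-group "RADIUS-ADMINS"
    next
end
'''

def parse_blocks(text):
    """Map top-level config path -> entry name (None if no edit) -> settings."""
    blocks, path, entry, depth = {}, None, None, 0
    for words in (ln.split(None, 2) for ln in text.splitlines() if ln.strip()):
        if words[0] == "config":
            depth += 1              # nested config blocks are skipped, not parsed
            if depth == 1:
                path = " ".join(words[1:])
                blocks.setdefault(path, {})
        elif words[0] == "end":
            depth -= 1
            if depth == 0:
                path = entry = None
        elif depth == 1 and words[0] == "edit":
            entry = " ".join(words[1:]).strip('"')
            blocks[path].setdefault(entry, {})
        elif depth == 1 and words[0] == "next":
            entry = None
        elif depth == 1 and words[0] == "set" and len(words) == 3:
            blocks[path].setdefault(entry, {})[words[1]] = words[2].strip().strip('"')
    return blocks

def audit_admin_auth(text):
    """List findings; a setting absent from the backup counts as not enabled."""
    blocks = parse_blocks(text)
    findings = []
    if blocks.get("system global", {}).get(None, {}).get("admin-restrict-local") != "enable":
        findings.append("admin-restrict-local is not enabled")
    for name, cfg in blocks.get("system admin", {}).items():
        if cfg.get("remote-auth") != "enable":
            findings.append(f"admin '{name}' authenticates locally only")
    return findings

print(audit_admin_auth(SAMPLE_CONFIG))
```

A local-only account in the findings is not necessarily wrong: the reply above recommends keeping 1 or 2 local admin accounts, so the list is meant to be compared against the accounts that are intentionally local.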