Hello,
I am testing the RADIUS possibilities in the LAB and have a problem with the groups. I probably missed something; if someone could help, it would be great.
I have set up a free Radius server for testing: RadL v1.5.
Fortinet attributes were added to the dictionary:
```
#
# Fortinet’s VSA’s
#
VENDOR fortinet 12356
BEGIN-VENDOR fortinet
ATTRIBUTE Fortinet-Group-Name 1 string
ATTRIBUTE Fortinet-Client-IP-Address 2 ipaddr
ATTRIBUTE Fortinet-Vdom-Name 3 string
ATTRIBUTE Fortinet-Client-IPv6-Address 4 string
ATTRIBUTE Fortinet-Interface-Name 5 string
ATTRIBUTE Fortinet-Access-Profile 6 string
#
# Integer Translations
#
END-VENDOR Fortinet
```
(The IPv6 address is octet, but RadL does not know this type, so I made it a string, but it is not used.)
I have two users created like this:
```
aaa Password = "123456"
    Fortinet-Group-Name = user

admin Password = "admin"
    Fortinet-Group-Name = admin
```
When the user is authenticated I can see in the logs that the group name is found:
For the admin user the group-name is admin.
I have two user groups created with the Radius attribute value: user (and another group with: admin).
I have an SSLVPN policy with these two groups, and every group has its own SSLVPN portal with a different IP address range.
When I connect to the SSLVPN the user is always authenticated but only according to username and password. No group information is there and all the users are using only one (the first) group.
What do I need to set to get this working? Maybe some sso-attribute under the config user radius? But what? It is not clear to me.
AtiT
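To check in a packet capture whether the Access-Accept really carries the group, the following added example (not part of the original post, and not Fortinet or RadL code) encodes and decodes the Vendor-Specific attribute layout from RFC 2865, using the vendor ID and attribute numbers from the dictionary above. The function names and the sample bytes are constructed for illustration.

```python
import socket
import struct

VENDOR_SPECIFIC = 26         # RADIUS attribute type for VSAs (RFC 2865)
FORTINET_VENDOR_ID = 12356   # from the dictionary in the post
# Attribute numbers and types from the post's dictionary (4, the IPv6 address, is left out)
FORTINET_ATTRS = {
    1: ("Fortinet-Group-Name", "string"),
    2: ("Fortinet-Client-IP-Address", "ipaddr"),
    3: ("Fortinet-Vdom-Name", "string"),
    5: ("Fortinet-Interface-Name", "string"),
    6: ("Fortinet-Access-Profile", "string"),
}

def encode_vsa(vendor_id, vtype, value):
    """Build one Vendor-Specific attribute holding a single sub-attribute."""
    sub = bytes([vtype, len(value) + 2]) + value
    return bytes([VENDOR_SPECIFIC, len(sub) + 6]) + struct.pack("!I", vendor_id) + sub

def _tlvs(buf):
    """Yield (type, value) pairs from a type/length/value run, rejecting bad lengths."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf) or buf[pos + 1] < 2 or pos + buf[pos + 1] > len(buf):
            raise ValueError("malformed attribute at offset %d" % pos)
        yield buf[pos], buf[pos + 2:pos + buf[pos + 1]]
        pos += buf[pos + 1]

def fortinet_vsas(attrs):
    """Return [(name, value)] for Fortinet VSAs in a packet's attribute section
    (the bytes after the 20-byte RADIUS header)."""
    found = []
    for atype, body in _tlvs(attrs):
        if atype != VENDOR_SPECIFIC or len(body) < 4:
            continue
        if struct.unpack("!I", body[:4])[0] != FORTINET_VENDOR_ID:
            continue
        for vtype, data in _tlvs(body[4:]):
            name, kind = FORTINET_ATTRS.get(vtype, ("Fortinet-Attr-%d" % vtype, "string"))
            if kind == "ipaddr" and len(data) == 4:
                found.append((name, socket.inet_ntoa(data)))
            else:
                found.append((name, data.decode("utf-8", "replace")))
    return found

# Constructed sample: Reply-Message (type 18) followed by the group VSA for user "admin"
SAMPLE_ATTRS = bytes([18, 4]) + b"ok" + encode_vsa(FORTINET_VENDOR_ID, 1, b"admin")

if __name__ == "__main__":
    print(fortinet_vsas(SAMPLE_ATTRS))
```

An empty result for a captured Access-Accept means the server did not send the group; a populated one means the attribute reached the client and the matching has to be looked for there.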