We are trying to set up RSSO with our Cisco WLC.
We are sending the RADIUS accounting traffic to the FortiGate.
We are seeing the user_names in the logs but the groups are not showing.
Our users connect to the Cisco WLC and are authenticated with the Cisco ACS.
I have configured the ACS to send the WLC the correct class attribute, however we are seeing two class attributes come from the WLC.
61,07:45:16,"10.80.0.254""*****blanked out username****","allow","no log","wifi-staff+CACS:ACS1/311035611/31113113",1,No
ACS1 is the name of our Cisco ACS radius server.
I have also tried sending the accounting traffic from our WLC to NPS and then to the FortiGate.
Same issue.
Is it possible to use a wildcard in the sso-attribute-value?
config user radius
    edit "RSSO Agent"
        set rsso enable
        set rsso-radius-response enable
        set rsso-validate-request-secret enable
        set rsso-secret ENC
        set rsso-endpoint-attribute User-Name
    next
end

config user group
    edit "RSSO-Wifi-Students"
        set group-type rsso
        set sso-attribute-value "wifi-students"
    next
    edit "RSSO-Wifi-Staff"
        set group-type rsso
        set sso-attribute-value "wifi-staff*"
    next
    edit "RSSO-Wifi-PHS-Students"
        set group-type rsso
        set sso-attribute-value "wifi-phs-students"
    next
end
Hi,
No wildcards, class needs to match the string defined for the rsso-group exactly.
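A diagnostic sketch for the exact-match behaviour described in this reply, added here as an example and not taken from the thread or from Fortinet: it lists every Class attribute in a RADIUS Accounting-Request and compares values against the posted sso-attribute-value strings. The packet is constructed, the username `staffuser` is made up, and joining the two Class values with "+" only mirrors the logged value in the original post.

```python
import struct

CLASS = 25  # RADIUS Class attribute type (RFC 2865)

# sso-attribute-value strings exactly as posted in the group config
RSSO_GROUPS = {
    "RSSO-Wifi-Students": "wifi-students",
    "RSSO-Wifi-Staff": "wifi-staff*",
    "RSSO-Wifi-PHS-Students": "wifi-phs-students",
}

def attr(attr_type, value):
    """Encode one attribute as type, length, value."""
    return bytes([attr_type, len(value) + 2]) + value

def build_accounting_request(attrs):
    """Constructed Accounting-Request (code 4) with a zeroed authenticator."""
    body = b"".join(attrs)
    return struct.pack("!BBH16s", 4, 1, 20 + len(body), bytes(16)) + body

def class_values(packet):
    """Return every Class attribute value in the packet, in wire order."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    values, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_type == CLASS:
            values.append(packet[pos + 2:pos + attr_len].decode("latin-1"))
        pos += attr_len
    return values

def match_groups(value, groups=RSSO_GROUPS):
    """Exact comparison only: '*' in a configured value is a literal character."""
    return [name for name, wanted in groups.items() if wanted == value]

# Constructed sample: the ACS group class plus the ACS session class (CACS:...)
SAMPLE = build_accounting_request([
    attr(1, b"staffuser"),  # User-Name, made-up value
    attr(CLASS, b"wifi-staff"),
    attr(CLASS, b"CACS:ACS1/311035611/31113113"),
])

if __name__ == "__main__":
    found = class_values(SAMPLE)
    print(found, match_groups("+".join(found)), match_groups("wifi-staff"))
```

Run against a decoded accounting packet from a capture, `class_values` shows whether the group string arrives alone or alongside a second Class attribute, which is the condition the original post describes.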
Hi, I am also trying the same thing. How do you send the accounting info from the ACS server to the FortiGate?