Hi Everyone,
I have a client who has Aruba wireless solution, we have configured ClearPass to send radius accounting to the Fortigate firewall for BYOD wireless users and i do see the radius info on the firewall (user wireless username and IP address). However the users does not match any of the RSSO firewall groups i have created.
Herewith the config:
edit "RSSO_Agent_CPPM" set timeout 5 set radius-coa disable set h3c-compatibility disable set username-case-sensitive disable set password-renewal disable set password-encoding auto set rsso enable set rsso-radius-server-port 1813 set rsso-radius-response enable set rsso-validate-request-secret enable set rsso-secret ENC 3NiaXtXYFFMccGnSky0v0BS9dbwputkWWIz4yNvMQ/MdOtpZ0hSv8Dpwx5pMs/pBtltGOA5VJL79wtaHU0TvzYHT1PDk9fDqMlHIcgstlVnoJGvkle+HKA6Pnuv5upMT6i3U/KEDMGPlBiYqp0BypUOIiB6tZsfQ/33ZDCTtw5YnkbKB8kQnKvcETyEwoXkM1CmRWQ== set rsso-endpoint-attribute User-Name unset rsso-endpoint-block-attribute set sso-attribute Filter-Id set sso-attribute-key '' set sso-attribute-value-override enable set rsso-context-timeout 28800 set rsso-log-period 0 set rsso-log-flags protocol-error profile-missing accounting-stop-missed accounting-event endpoint-block radiusd-other set rsso-flush-ip-session disable set rsso-ep-one-ip-only disable next end config user group edit "RSSO-SG-FG-AdvancedAuthenticated" <--- set group-type rsso set authtimeout 0 set sso-attribute-value "SG-FG-ADVANCEDAUTHENTICATED" next edit "RSSO-SG-FG-ExcoAuthenticated" <--- set group-type rsso set authtimeout 0 set sso-attribute-value "SG-FG-EXCOAUTHENTICATED" next end
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Did you check "Firewall User Monitor" ? You should see for users under "Method" - "Radius Single-Sign-On" and important to see under "User Group" the names of your Radius groups. We had an issue , we didn't see just "User Group" names. We downgraded firmware (to 6.2.2) and RSSO was fine, after upgraded back (to 6.2.3) we still had successfully detected RSSO User groups. Now we are using 6.2.4 - RSSO works fine.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.