Hello all, I have an issue related to configuring a third-party access point with a RADIUS server (MS NPS) to authenticate through the FortiGate firewall by RSSO. I've followed all instructions and guides; however, when I try to log in using the NT credentials, the logs show that the traffic is matching the implicit deny policy and didn't match the RSSO user group policy, however the same name is created in the FortiGate user groups and in the NPS policy.
Does anyone know how to deal with this issue?
Who's the source of the RADIUS accounting packets, and who's the intended recipient?
It seems like it's one and the same FortiGate, which seems superfluous (might as well just deal with authorization via simple RADIUS groups based on group memberships received in Access-Accept).
Apart from the above, check the auth table shortly after the user logs in (diag fire auth list), pay attention to whether the RSSO-type session is there at all, and which group it matched to, if any.
There's also live debug for RSSO, "diag debug app radiusd -1".
Copyright 2024 Fortinet, Inc. All Rights Reserved.