RSSO

BlueP · ‎02-05-2024

Hello All, all I've an issue related to configuring third-party access point with radius server MS NPS, to authenticate through the FortiGate firewall by RSSO, I've followed all instructions and guides however, when I try to log in using the NT credentials the logs shows that the traffic is matching in the implicit deny policy and didn't match on RSSO user group policy however the same name is created on FortiGate user groups and on the NPS policy,

Does anyone know how to deal with this issue?

pminarik · ‎02-05-2024

Who's the source of the RADIUS accounting packets, and who's the intended recipient?

It seems like it's one and the same FortiGate, which seem superfluous. (might as well just deal with authorization via simple RADIUS groups based on group memberships received in Access-Accept)

Apart from the above, check the auth table shortly after the user logs in (diag fire auth list), pay attention to whether the RSSO-type session is there at all, and which group it matched to, if any.

There's also live debug for RSSO, "diag debug app radiusd -1".

[ corrections always welcome ]

RSSO

Nominate a Forum Post for Knowledge Article Creation