Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
amitkor
New Contributor

Created on ‎01-26-2015 12:06 PM

Radius Authentication

Hello everyone!

Can anyone help with configuring Radius authentication for VPN on fortigate 5.2.1?

 

I want to handle all the users on the Radius server.

When i configure a policy with a single radius user, i connect to the vpn just fine.

When i configure a group with radius as the remote authentication, i get wrong password (log: sslvpn_login_permission_denied). even when i add the same single user to that group i get the same error.

The Radius server is a Windows Server 2012 with NPS enabled. the remote server has the exact same group name as in the windows server.

 

I did read a bit about Radius SSO and thought that this is what i need, but after creating RSSO, it does not appear as a source user under ssl.root interface (it does appear under other interfaces).

 

Regards,

Amit K.

6874
0 Kudos
1 REPLY 1
Jeff_FTNT
Staff
Staff

Created on ‎01-28-2015 08:53 AM

RSSO is different from local Radius server authentication.

 

If you want use Windows 2012 server for RSSO, make sure it send Radius Accounting packet to FGT, FGT will check "framed-ip" attribute and set up authentication for specific user IP.

You may check detail RSSO doc on http://docs.fortinet.com/fortigate/admin-guides. Thanks

1585
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.