buraksahin
New Contributor II

FortiGate Radius issue

Hello everyone

I am using a RADIUS server on my FG-200F to log in to the web GUI. I created a test account and linked it to the RADIUS profile. I gave a special admin profile, like creating VLANs, policies etc., to the test account.

The test account can log in to the FG via RADIUS, but its profile is shown as read_only after I log in. I can't use the special admin profile with RADIUS and can't change anything on the FG. Am I doing something wrong?

funkylicious
Contributor III

Hi,

Under the admin profile, do: set accprofile-override enable

geek
buraksahin

Done that but still read_only :( 

funkylicious

Can you post the config of the Admin Profile and the User? Also, what are you using as a RADIUS server?

geek
buraksahin

Sure. Here is the admin profile config:

config system accprofile
    edit "test_profile"
        set secfabgrp read
        set ftviewgrp read
        set authgrp read-write
        set sysgrp read-write
        set netgrp custom
        set loggrp read-write
        set fwgrp custom
        set vpngrp read
        set utmgrp read-write
        set wifi read-write
        config netgrp-permission
            set cfg read
            set packet-capture read
            set route-cfg read
        end
        config fwgrp-permission
            set policy read-write
            set address read-write
            set service read-write
            set schedule read-write
            set others read-write
        end
    next
end


----- this is the admin profile
config system admin
    edit "test.radius"
        set remote-auth enable
        set accprofile "test_profile"
        set vdom "root"
        set wildcard enable
        set remote-group "hrgrp"
        set accprofile-override enable
    next
end


For RADIUS, I am using Synology. For Cisco switches and UniFi, it works as expected.

funkylicious

geek
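
Added example, not part of the thread and not Fortinet's code: with accprofile-override enabled, FortiOS takes the admin profile name from the Fortinet-Access-Profile vendor-specific attribute (vendor ID 12356, attribute 6) in the RADIUS Access-Accept, so a useful check is whether the server's reply carries that attribute at all. The sketch below parses a reply per RFC 2865; the two sample packets are constructed here, and the function names are hypothetical.

```python
import struct

FORTINET_VENDOR_ID = 12356  # Fortinet's enterprise number in the Fortinet RADIUS dictionary
FORTINET_VSA = {1: "Fortinet-Group-Name", 3: "Fortinet-Vdom-Name", 6: "Fortinet-Access-Profile"}

def build_accept(vsas, ident=1):
    """Build a constructed Access-Accept (code 2) with Fortinet VSAs; authenticator is zeroed."""
    attrs = b""
    for vtype, text in vsas:
        sub = bytes([vtype, 2 + len(text)]) + text.encode()
        attrs += bytes([26, 6 + len(sub)]) + struct.pack("!I", FORTINET_VENDOR_ID) + sub
    return struct.pack("!BBH", 2, ident, 20 + len(attrs)) + bytes(16) + attrs

def fortinet_vsas(packet):
    """Return {attribute name: [values]} for every Fortinet sub-attribute in a RADIUS packet."""
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    found, pos = {}, 20  # attributes start after the 20-byte header
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        value = packet[pos + 2:pos + alen]
        # Type 26 = Vendor-Specific: 4-byte vendor ID, then vendor TLVs.
        if atype == 26 and len(value) >= 6 and struct.unpack("!I", value[:4])[0] == FORTINET_VENDOR_ID:
            sub = value[4:]
            while len(sub) >= 2 and 2 <= sub[1] <= len(sub):
                name = FORTINET_VSA.get(sub[0], f"Fortinet-VSA-{sub[0]}")
                found.setdefault(name, []).append(sub[2:sub[1]].decode(errors="replace"))
                sub = sub[sub[1]:]
        pos += alen
    return found

def override_status(packet, local_profile):
    """Return (profile named by the reply or None, whether it equals the local accprofile name)."""
    sent = fortinet_vsas(packet).get("Fortinet-Access-Profile", [])
    profile = sent[0] if sent else None
    return profile, profile == local_profile

# Constructed replies: group attribute only, and group plus access profile.
GROUP_ONLY = build_accept([(1, "hrgrp")])
FULL = build_accept([(1, "hrgrp"), (6, "test_profile")])

if __name__ == "__main__":
    print(override_status(GROUP_ONLY, "test_profile"))
    print(override_status(FULL, "test_profile"))
```

Feed it the raw UDP payload of a real Access-Accept from a capture in place of the constructed packets; a result of None means the server never sent a profile name for the override to use.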