BlueP
New Contributor II

RSSO

 

Hello all, I have an issue related to configuring a third-party access point with a RADIUS server (MS NPS) to authenticate through the FortiGate firewall by RSSO. I've followed all instructions and guides; however, when I try to log in using the NT credentials, the logs show that the traffic is matching the implicit deny policy and didn't match the RSSO user group policy, even though the same name is created in the FortiGate user groups and in the NPS policy.

Does anyone know how to deal with this issue?


pminarik
Staff

Who's the source of the RADIUS accounting packets, and who's the intended recipient?

It seems like it's one and the same FortiGate, which seems superfluous. (Might as well just deal with authorization via simple RADIUS groups based on group memberships received in Access-Accept.)

 

Apart from the above, check the auth table shortly after the user logs in (diag fire auth list); pay attention to whether the RSSO-type session is there at all, and which group it matched to, if any.

There's also live debug for RSSO, "diag debug app radiusd -1".

[ corrections always welcome ]