Answered: RADIUS with two groups

Author
Michal
2014/11/10 06:56:49 (permalink)

Hi all,
I want to create two groups which will be authenticated with a RADIUS server, with different levels of accessibility to the network.
I know that if I create authentication with an LDAP server I can create two groups and associate them with different groups of the LDAP server by specifying an individual CN.
Could you tell me if I could do the same with RADIUS? If yes, how can I do this?
#1
Jeff_FTNT
Re: RADIUS with two groups 2014/11/10 15:18:33 (permalink) ☼ Best Answer by Michal 2014/11/13 00:32:18
You may set up your Radius server to support Fortinet VSA.
VENDOR		Fortinet	12356

BEGIN-VENDOR Fortinet
ATTRIBUTE Fortinet-Group-Name 1 string
ATTRIBUTE Fortinet-Client-IP-Address 2 ipaddr
ATTRIBUTE Fortinet-Vdom-Name 3 string
ATTRIBUTE Fortinet-Client-IPv6-Address 4 octets
ATTRIBUTE Fortinet-Interface-Name 5 string
ATTRIBUTE Fortinet-Access-Profile 6 string

#
# Integer Translations
#

END-VENDOR Fortinet


FGT can check the returned "Fortinet-Group-Name" value "radius_group1" to do the group match:
config user group
    edit "group_radius"
        set member "vdom1rad"
        config match
            edit 1
                set server-name "vdom1rad"
                set group-name "radius_group1"
            next
        end
    next
end
#2
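Added example (not part of the post above and not FortiOS code): how the Fortinet-Group-Name VSA from the dictionary is laid out in a RADIUS reply per RFC 2865, with a parser that is useful when checking a packet capture to see whether the server really returns the group. The match table is a simplified model of "config match"; "group_radius2" and "radius_group2" are hypothetical names for the second group, and the sample bytes are constructed.

```python
import struct

VSA_TYPE = 26               # RFC 2865 Vendor-Specific attribute
FORTINET_VENDOR_ID = 12356  # VENDOR Fortinet 12356 (from the dictionary)
GROUP_NAME_SUBTYPE = 1      # ATTRIBUTE Fortinet-Group-Name 1 string

def encode_group_vsa(group):
    """Build the VSA a RADIUS server would add to an Access-Accept."""
    value = group.encode("utf-8")
    sub = bytes([GROUP_NAME_SUBTYPE, 2 + len(value)]) + value
    body = struct.pack("!I", FORTINET_VENDOR_ID) + sub
    if len(body) + 2 > 255:
        raise ValueError("group name too long for one attribute")
    return bytes([VSA_TYPE, 2 + len(body)]) + body

def fortinet_groups(attrs):
    """Return every Fortinet-Group-Name in a reply's attribute bytes."""
    groups, i = [], 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute at offset %d" % i)
        atype, body = attrs[i], attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
        if atype != VSA_TYPE or len(body) < 4:
            continue  # not a vendor-specific attribute
        if struct.unpack("!I", body[:4])[0] != FORTINET_VENDOR_ID:
            continue  # VSA from another vendor
        sub, j = body[4:], 0
        while j < len(sub):
            if j + 2 > len(sub) or sub[j + 1] < 2 or j + sub[j + 1] > len(sub):
                raise ValueError("malformed Fortinet sub-attribute")
            if sub[j] == GROUP_NAME_SUBTYPE:
                groups.append(sub[j + 2:j + sub[j + 1]].decode("utf-8", "replace"))
            j += sub[j + 1]
    return groups

# Constructed match table mirroring "config match": FortiGate group ->
# (server-name, group-name). "group_radius2"/"radius_group2" are hypothetical.
MATCH_RULES = {
    "group_radius": ("vdom1rad", "radius_group1"),
    "group_radius2": ("vdom1rad", "radius_group2"),
}

def matched_groups(server, attrs):
    """Groups whose match entry equals a group name returned by the server."""
    returned = set(fortinet_groups(attrs))
    return [g for g, (srv, name) in MATCH_RULES.items()
            if srv == server and name in returned]

# Constructed reply attributes: Reply-Message (type 18) followed by the VSA.
SAMPLE = bytes([18, 4]) + b"ok" + encode_group_vsa("radius_group1")
```

A reply without the VSA matches no group in this model, so a user whose RADIUS entry lacks Fortinet-Group-Name falls into neither access level.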
Michal
Re: RADIUS with two groups 2014/11/13 00:39:46 (permalink)
Thank you.
But I wanna ask: what if I couldn't change the RADIUS settings?
I am thinking about something like this:
I will create a local user account on the FortiGate but instruct it to check the password on the RADIUS server.
Then I will associate the policy with this user/users.
#3
norouzi
Re: RADIUS with two groups 2014/11/13 02:41:31 (permalink)
1. Create a remote RADIUS group.
2. Create a user and enable "match user on RADIUS server" with the name of the RADIUS settings.
3. Create different user groups with your local users.

In this case, for authentication the users should exist in the FortiGate local users and also on the RADIUS server, and the password from the RADIUS server will be used.
#4