Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
cbevilaqua
New Contributor

Fortigate RADIUS Accounting

Hello,

 

We have a external captive portal with external RADIUS servers.

What's the default RADIUS accounting setting on Fortigate?

It seems that our server is not receiving the RADIUS accounting requests from Fortigate.

Is there some way to view or debug that?

 

Thanks!

3 REPLIES 3
emnoc
Esteemed Contributor III

Fortios does not support radacct . Not a feature

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
jorge_americo

You need a fortiauthenticator.

NSE-4

NSE-4
leszek
New Contributor II

hello cbevilaqua i understand that your configuration works in this way: 1. fortigate redirects user to external captive portal 2. external captive portal sends user credentials back to fortigate 3. fortigate starts communication with external radius server and finally get accept or reject for this user if it works like above you only have to enable accounting in fgt radius server definition - something like this: config user radius     edit "YOUR RADIUS SERVER"             config accounting-server                     edit 1                         set status enable                         set server "x.x.x.x"                         set password xxxxx                     next             end         next end as an example i attached below what fgt sends in real communication (from radius server side - its freeradius). you can see attributes fgt sending in accounting-request start type packet but fgt implements radius standard in good style so you can expect to get accounting type start, interim-update, stop, on and off.

(its not captive portal authentication as yours - its 802.1x eduroam wifi network but it does not matter in this case - fgt is in the same role - its client to radius server). Leszek ------ (277) Sent Access-Accept from RADIUS-SERVER:1812 to FORTIGATE:19349 ..... (278) Received Accounting-Request from FORTIGATE:24706 to RADIUS-SERVER:1813 (278)   Acct-Multi-Session-Id = ... (278)   Acct-Status-Type = Start (278)   Acct-Authentic = RADIUS (278)   User-Name = ... (278)   NAS-IP-Address = ... (278)   Framed-IP-Address = ... (278)   NAS-Identifier = ... (278)   Called-Station-Id = ... (278)   NAS-Port-Type = Wireless-802.11 (278)   NAS-Port = 1 (278)   Calling-Station-Id = ... (278)   Connect-Info = ... (278)   Acct-Session-Id = ... (278)   WLAN-Pairwise-Cipher = ... (278)   WLAN-Group-Cipher = ... (278)   WLAN-AKM-Suite = ... (278)   Class = 0x... (278)   Fortinet-WirelessController-Device-MAC = ... (278)   Fortinet-WirelessController-WTP-ID = ... (278)   Fortinet-WirelessController-Assoc-Time = ... ----

Labels
Top Kudoed Authors