Hi there,
Am I imagining it or can RSSO be a little intermittent? I'm in a very busy site but a small proportion of my users are not showing with RSSO group filled. No particular reason so far as I can see. It's picking up the usernames but not the groups.
Any idea of how I can make it more reliable?
Cheers
Jon
Hi,
I would start with checking which users are getting in without group.
And sniff the RADIUS accounting (def.port 1813) to see if expected group membership bearing attribute has something actually set inside. Default group attribute is Class AVP, but it is configurable via 'set sso-attribute' under 'config user radius' object.
Then, what's your unit, FortiOS and accounting traffic rate, roughly ?
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.