Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Custom dictionaries

The custom dictionary list enables you to view built-in vendors and their RADIUS attributes, and create new customized entries.

Go to Authentication > RADIUS Service > Custom Dictionaries to view the list.

Some services can receive information about an authenticated user through RADIUS vendor-specific attributes. FortiAuthenticator user groups and user accounts can include RADIUS attributes for Fortinet and other vendors.

Attributes in user accounts can specify user-related information. For example, the Default attribute Framed-IP-Address specifies the VPN tunnel IP address sent to the user by the Fortinet SSL VPN.

Attributes in user groups can specify more general information, applicable to the whole group. For example, specifying third-party vendor attributes to a switch could enable administrative level login to all members of the Network_Admins group, or authorize the user to the correct privilege level on the system.

To create a new custom RADIUS attribute vendor, open the Custom Vendors view and select Create New where you are prompted to upload a RADIUS dictionary file.

To add RADIUS attributes to a user or group:
  1. Go to Authentication > User Management > Local Users and select a user account to edit, or go to Authentication > User Management > User Groups and select a group to edit.
  2. In the RADIUS Attributes section, select Add Attribute. The Create New User Group RADIUS Attribute or Create New User RADIUS Attribute window opens.
  3. Select the appropriate Vendor and Attribute ID, then enter the attribute’s value in the Value field.
  4. Select OK to add the new attribute to the user or group.
  5. Repeat the above steps to add additional attributes as needed.

Custom dictionaries

The custom dictionary list enables you to view built-in vendors and their RADIUS attributes, and create new customized entries.

Go to Authentication > RADIUS Service > Custom Dictionaries to view the list.

Some services can receive information about an authenticated user through RADIUS vendor-specific attributes. FortiAuthenticator user groups and user accounts can include RADIUS attributes for Fortinet and other vendors.

Attributes in user accounts can specify user-related information. For example, the Default attribute Framed-IP-Address specifies the VPN tunnel IP address sent to the user by the Fortinet SSL VPN.

Attributes in user groups can specify more general information, applicable to the whole group. For example, specifying third-party vendor attributes to a switch could enable administrative level login to all members of the Network_Admins group, or authorize the user to the correct privilege level on the system.

To create a new custom RADIUS attribute vendor, open the Custom Vendors view and select Create New where you are prompted to upload a RADIUS dictionary file.

To add RADIUS attributes to a user or group:
  1. Go to Authentication > User Management > Local Users and select a user account to edit, or go to Authentication > User Management > User Groups and select a group to edit.
  2. In the RADIUS Attributes section, select Add Attribute. The Create New User Group RADIUS Attribute or Create New User RADIUS Attribute window opens.
  3. Select the appropriate Vendor and Attribute ID, then enter the attribute’s value in the Value field.
  4. Select OK to add the new attribute to the user or group.
  5. Repeat the above steps to add additional attributes as needed.