Administration Guide

How to set up and use LDAP/RADIUS servers

1. Set up the LDAP server

Requirements:
  • FortiAuthenticator login credentials
To set up the LDAP server:
  1. In FortiDeceptor, go to System > LDAP Servers.
  2. Click Create New. The New LDAP Server window opens.
  3. Configure the LDAP server settings. See LDAP Servers.

    You must use the following format for the Distinguished Name field: <root_node>,<subordinate_node>. To find the names of the Root and Subordinate nodes in FortiAuthenticator, go to LDAP Service > Directory Tree.

2. Set up the RADIUS server

Requirements:
  • FortiAuthenticator login credentials
To set up the RADIUS server in FortiDeceptor:
  1. Go to System > RADIUS Servers.
  2. Click Create New. The New RADIUS Server window opens.
  3. Configure the RADIUS server settings. See RADIUS Servers.

    In the Primary Secret field, enter fortinet.

3. Create an account in FortiAuthenticator and enable LDAP/RADIUS

You do not need to complete this step if you already have a FortiAuthenticator account.

To enable LDAP/RADIUS:
  1. In FortiAuthenticator, go to User Management > Local Users and create a new account.
    1. Enable Allow RADIUS authentication.
    2. In the Password and Password confirmation fields, enter fortinet.

  2. Go to LDAP Service > Directory Tree to enable LDAP.
  3. Expand the Root node, and then click the green plus symbol next to the Subordinate node. The Create New LDAP entry window opens.

  4. From the Class dropdown, select Local User (uid).

  5. Go to User Management > Local Users to verify the RADIUS and LDAP servers are enabled. To do this, check that the Authentication Methods column shows RADIUS and LDAP.

4. Create a login account using LDAP/RADIUS accounts from FortiAuthenticator

To create a login account with LDAP/RADIUS:
  1. In FortiAuthenticator, go to User Management > Local Users and locate an account that has LDAP/RADIUS enabled. To do this, look in the Authentication Methods column for RADIUS and LDAP.
  2. In FortiDeceptor, go to System > Administrators and click + Create New to create a new administrator. The New Administrator window opens.
  3. Configure the administrator settings.
    Note

    The values for the Administrator, Type, and LDAP Server fields must match the user's settings in FortiAuthenticator.

  4. Log in to FortiDeceptor with the administrator account you created.
  5. Go to System > Administrators and click + Create New. The New Administrator window opens.
  6. Create a new administrator and set the Type to RADIUS.

  7. Log in to FortiDeceptor with the RADIUS administrator account you created.
