How to set up and use LDAP/RADIUS servers
1. Set up the LDAP server
Requirements:
- FortiAuthenticator login credentials
To set up the LDAP server:
- In FortiDeceptor, go to System > LDAP Servers.
- Click Create New. The New LDAP Server window opens.
- Configure the LDAP server settings. See LDAP Servers.
You must use the following format for the Distinguished Name field: <root_node>,<subordinate_node>. To find the names of the Root and Subordinate nodes in FortiAuthenticator, go to LDAP Service > Directory Tree.
2. Set up the RADIUS server
Requirements:
- FortiAuthenticator login credentials
To set up the RADIUS server in FortiDeceptor:
- Go to System > RADIUS Servers.
- Click Create New. The New RADIUS Server window opens.
- Configure the RADIUS server settings. See RADIUS Servers.
In the Primary Secret field, enter fortinet.
3. Create an account in FortiAuthenticator and enable LDAP/RADIUS
You do not need to complete this step if you already have a FortiAuthenticator account.
To enable LDAP/RADIUS:
- In FortiAuthenticator, go to User Management > Local Users and create a new account.
- Enable Allow RADIUS authentication.
- In the Password and Password confirmation fields, enter fortinet.
- Go to LDAP Service > Directory Tree to enable LDAP.
- Expand the Root node, and then click the green plus symbol next to the Subordinate node. The Create New LDAP entry window opens.
- From the Class dropdown, select Local User (uid).
- Go to User Management > Local Users to verify the RADIUS and LDAP servers are enabled. To do this, check that the Authentication Methods column shows RADIUS and LDAP.
4. Create a login account using LDAP/RADIUS accounts from FortiAuthenticator
To create a login account with LDAP/RADIUS:
- In FortiAuthenticator, go to User Management > Local Users and locate an account that has LDAP/RADIUS enabled. To do this, look in the Authentication Methods column for RADIUS and LDAP.
- In FortiDeceptor, go to System > Administrators and click + Create New to create a new administrator. The New Administrator window opens.
- Configure the administrator settings.
The values for the Administrator, Type, and LDAP Server fields must match the user's settings in FortiAuthenticator.
- Log in to FortiDeceptor with the administrator account you created.
- Go to System > Administrators and click + Create New. The New Administrator window opens.
- Create a new administrator and set the Type to RADIUS.
- Log in to FortiDeceptor with the RADIUS administrator account you created.