Fortinet white logo
Fortinet white logo

Administration Guide

Configure profiles

Configure profiles

Access the RADIUS Settings from System > Settings > Authentication or System > Quick Start > Authentication Settings. Add a profile for each RADIUS Server. The first RADIUS Server added becomes the primary server by default. As more, servers are added, you can modify which server is the primary.

The encryption method for user names and passwords passed between FortiNAC and the RADIUS server must be set to PAP. This affects the following accounts or user names and passwords created on the RADIUS server:

  • The validation account created for communication with FortiNAC and entered in the RADIUS Server Profile configuration.
  • Network users that access the network via the captive portal and are authenticated through RADIUS.
  • Admin UI users authenticated through RADIUS.
  • VPN Users authenticated through RADIUS.

You should be able to communicate with a RADIUS Server in order to add it to the list. For example, if a RADIUS Server is not currently connected to the network and FortiNAC cannot contact it, you will be asked if you want to add the server anyway.

Add a profile

  1. Click System > Settings.
  2. Expand the Authentication folder and click RADIUS. The RADIUS Servers window displays.
  3. Click Add.
  4. Enter the parameters for the RADIUS Server profile.
  5. Click the RADIUS Secret field to enter the RADIUS secret.
  6. Enter the User Name.
  7. Click the Password field to enter the Password information.

    Field

    Definition

    Profile Name

    Name displayed in the RADIUS server list.

    Host Name/IP address

    Host name or IP address of the RADIUS server.

    Note

    If you are generating certificates using a NSRADIUS appliance, the Fully Qualified Domain Name is required.

    RADIUS Secret

    Encryption key used by the RADIUS server to send authentication information.

    Authentication Port

    Port number through which the RADIUS server communicates.

    Accounting Port

    Port number that the RADIUS server uses for the accounting features, if they are used. If your RADIUS server does not use accounting features, leave the check box blank.

    Server Is NSRADIUS Appliance

    Indicates that this is a NSRADIUS Server. Check this box if you have purchased a NSRADIUS server as part of your FortiNAC configuration.

    Option displays only if a NSRADIUS license is installed on the FortiNAC or control server, and when there is no NSRADIUS Server already configured.

    Note

    REST API credentials are required for the Portal Certificate page to generate and download certificates.

    REST API User

    User name for the admin user created on the NSRADIUS server. This user name will be used to communicate with the REST API on the NSRADIUS Server.

    Note

    It is recommended that you configure the REST API user.

    REST API Password

    Password for the NSRADIUS admin user that will allow the FortiNAC server to communicate with the REST API on the NSRADIUS Server.

    Appears when the Server Is NSRADIUS Appliance check box is selected.

    Last Modified By

    User name of the last user to modify the RADIUS Server.

    Last Modified Date

    Date and time of the last modification to this RADIUS Server.

    Validation Account

    User Name

    User name for verifying access to the RADIUS Server. This field is required, but only used when there are multiple RADIUS Servers configured. You must create an account on the RADIUS Server that is used by FortiNAC to communicate with that Server. The encryption method must be set to PAP.

    Password

    Password for verifying access to the RADIUS server. This field is required.

  8. New servers are saved automatically.
  9. Repeat as needed for additional RADIUS servers.

Modify a profile

  1. Click System > Settings.
  2. Expand the Authentication folder and click RADIUS.
  3. Select the RADIUS Server profile and click Modify.
  4. Make the changes. Changes are saved automatically.

Delete a profile

  1. Click System > Settings.
  2. Expand the Authentication folder and click RADIUS.
  3. Select the RADIUS Server profile and click Delete.

Configure profiles

Configure profiles

Access the RADIUS Settings from System > Settings > Authentication or System > Quick Start > Authentication Settings. Add a profile for each RADIUS Server. The first RADIUS Server added becomes the primary server by default. As more, servers are added, you can modify which server is the primary.

The encryption method for user names and passwords passed between FortiNAC and the RADIUS server must be set to PAP. This affects the following accounts or user names and passwords created on the RADIUS server:

  • The validation account created for communication with FortiNAC and entered in the RADIUS Server Profile configuration.
  • Network users that access the network via the captive portal and are authenticated through RADIUS.
  • Admin UI users authenticated through RADIUS.
  • VPN Users authenticated through RADIUS.

You should be able to communicate with a RADIUS Server in order to add it to the list. For example, if a RADIUS Server is not currently connected to the network and FortiNAC cannot contact it, you will be asked if you want to add the server anyway.

Add a profile

  1. Click System > Settings.
  2. Expand the Authentication folder and click RADIUS. The RADIUS Servers window displays.
  3. Click Add.
  4. Enter the parameters for the RADIUS Server profile.
  5. Click the RADIUS Secret field to enter the RADIUS secret.
  6. Enter the User Name.
  7. Click the Password field to enter the Password information.

    Field

    Definition

    Profile Name

    Name displayed in the RADIUS server list.

    Host Name/IP address

    Host name or IP address of the RADIUS server.

    Note

    If you are generating certificates using a NSRADIUS appliance, the Fully Qualified Domain Name is required.

    RADIUS Secret

    Encryption key used by the RADIUS server to send authentication information.

    Authentication Port

    Port number through which the RADIUS server communicates.

    Accounting Port

    Port number that the RADIUS server uses for the accounting features, if they are used. If your RADIUS server does not use accounting features, leave the check box blank.

    Server Is NSRADIUS Appliance

    Indicates that this is a NSRADIUS Server. Check this box if you have purchased a NSRADIUS server as part of your FortiNAC configuration.

    Option displays only if a NSRADIUS license is installed on the FortiNAC or control server, and when there is no NSRADIUS Server already configured.

    Note

    REST API credentials are required for the Portal Certificate page to generate and download certificates.

    REST API User

    User name for the admin user created on the NSRADIUS server. This user name will be used to communicate with the REST API on the NSRADIUS Server.

    Note

    It is recommended that you configure the REST API user.

    REST API Password

    Password for the NSRADIUS admin user that will allow the FortiNAC server to communicate with the REST API on the NSRADIUS Server.

    Appears when the Server Is NSRADIUS Appliance check box is selected.

    Last Modified By

    User name of the last user to modify the RADIUS Server.

    Last Modified Date

    Date and time of the last modification to this RADIUS Server.

    Validation Account

    User Name

    User name for verifying access to the RADIUS Server. This field is required, but only used when there are multiple RADIUS Servers configured. You must create an account on the RADIUS Server that is used by FortiNAC to communicate with that Server. The encryption method must be set to PAP.

    Password

    Password for verifying access to the RADIUS server. This field is required.

  8. New servers are saved automatically.
  9. Repeat as needed for additional RADIUS servers.

Modify a profile

  1. Click System > Settings.
  2. Expand the Authentication folder and click RADIUS.
  3. Select the RADIUS Server profile and click Modify.
  4. Make the changes. Changes are saved automatically.

Delete a profile

  1. Click System > Settings.
  2. Expand the Authentication folder and click RADIUS.
  3. Select the RADIUS Server profile and click Delete.