Fortinet black logo

Administration Guide

Set domain mappings

Copy Link
Copy Doc ID 2cb222d1-3405-11ea-9384-00505692583a:513701
Download PDF

Set domain mappings

If you plan to use the user domain for RADIUS server selection, you must create mappings for the desired domains. First make sure that you have added the RADIUS server profiles. Then, choose one or more RADIUS servers per domain to authenticate users who connect through a specific domain.

If more than one RADIUS server is entered for a single domain, FortiNAC sends the authentication request to the first server in the domain that matches the user's domain. If the RADIUS server does not recognize the user FortiNAC sends the request to the next server in the list with a matching domain and so on until the user is authenticated. If one of the servers does not respond at all FortiNAC sends the request to the next server in the list.

If you have users that do not log in through the domain but need to be authenticated by one of your RADIUS servers, you can enter Domain Mappings with a blank domain field.

If you map RADIUS servers to a blank domain, the primary and secondary servers will never be used because anyone logging in without domain information will match the blank domain.

RADIUS servers mapped to domains take precedence over all other RADIUS server settings.

You must use the FQDN or the server will not be able to authenticate users connecting to the network.

Add mapping

  1. Click System > Settings.
  2. Select RADIUS.
  3. Under RADIUS Domain Mappings, click Add.
  4. Enter the Domain Name to be used for authentication. For example, bbc.com or myuniversity.edu. Users can then log in with any of the following user name formats:

    • User@FQDN (bob@bbc.com)
    • FQDN\User (bbc.com\bob)
  5. Select the RADIUS Server profile from the drop-down list.
  6. Your changes are saved automatically.

Delete mapping

  1. Click System > Settings.
  2. Expand the Authentication folder and click RADIUS.
  3. The RADIUS server defaults and RADIUS domain mappings windows display.
  4. In the RADIUS Domain Mappings window select the mapping to be removed.
  5. Click Delete.

Set domain mappings

If you plan to use the user domain for RADIUS server selection, you must create mappings for the desired domains. First make sure that you have added the RADIUS server profiles. Then, choose one or more RADIUS servers per domain to authenticate users who connect through a specific domain.

If more than one RADIUS server is entered for a single domain, FortiNAC sends the authentication request to the first server in the domain that matches the user's domain. If the RADIUS server does not recognize the user FortiNAC sends the request to the next server in the list with a matching domain and so on until the user is authenticated. If one of the servers does not respond at all FortiNAC sends the request to the next server in the list.

If you have users that do not log in through the domain but need to be authenticated by one of your RADIUS servers, you can enter Domain Mappings with a blank domain field.

If you map RADIUS servers to a blank domain, the primary and secondary servers will never be used because anyone logging in without domain information will match the blank domain.

RADIUS servers mapped to domains take precedence over all other RADIUS server settings.

You must use the FQDN or the server will not be able to authenticate users connecting to the network.

Add mapping

  1. Click System > Settings.
  2. Select RADIUS.
  3. Under RADIUS Domain Mappings, click Add.
  4. Enter the Domain Name to be used for authentication. For example, bbc.com or myuniversity.edu. Users can then log in with any of the following user name formats:

    • User@FQDN (bob@bbc.com)
    • FQDN\User (bbc.com\bob)
  5. Select the RADIUS Server profile from the drop-down list.
  6. Your changes are saved automatically.

Delete mapping

  1. Click System > Settings.
  2. Expand the Authentication folder and click RADIUS.
  3. The RADIUS server defaults and RADIUS domain mappings windows display.
  4. In the RADIUS Domain Mappings window select the mapping to be removed.
  5. Click Delete.