RADIUS server configuration
Configure the following in the RADIUS server:
- Add the following vendor-specific attributes to the Fortinet dictionary file:
Fortinet-Fpc-User-Role
Fortinet-Fpc-Tenant-Identification
For example, if you are using FreeRADIUS:
# # Fortinet's VSAs # VENDOR Fortinet 12356 BEGIN-VENDOR Fortinet ATTRIBUTE Fortinet-Group-Name 1 string ATTRIBUTE Fortinet-Client-IP-Address 2 ipaddr ATTRIBUTE Fortinet-Vdom-Name 3 string ATTRIBUTE Fortinet-Client-IPv6-Address 4 octets ATTRIBUTE Fortinet-Interface-Name 5 string ATTRIBUTE Fortinet-Access-Profile 6 string ATTRIBUTE Fortinet-Fpc-User-Role 40 string ###add this ATTRIBUTE Fortinet-Fpc-Tenant-Identification 41 string ###add this # # Integer Translations # END-VENDOR Fortinet
- To configure FortiPortal roles in the RADIUS server, use the following vendor-specific attribute. You can specify multiple roles by using comma-separated values:
VENDORATTR 12356 Fortinet-Fpc-User-Role 40 string
A user will not be able to login to FortiPortal if the roles are not configured on the RADIUS server.
- To configure which sites will use RADIUS authentication, use the following vendor-specific attribute. You can specify multiple sites by using comma-separated values. If no sites are specified, users have access to all sites.
VENDORATTR 12356 Fortinet-FPC-Tenant-User-Sites 42 string
- Specify the customer identification, which is used to map a particular user to a customer profile. The RADIUS server will send one of the domain names specified in the Domains field of the customer settings, in the value of the new VSA.
VENDORATTR Fortinet-FPC-Tenant-Identification 41 string
RADIUS Roles
Selecting the View Radius Roles button on the User Authentication pane displays the RADIUS Roles window. Here, you can configure the mapping between FortiPortal roles and RADIUS roles. For each RADIUS role, the page displays the role type (Service Provider or Customer) and a list of FortiPortal roles that map to the RADIUS role.
The RADIUS Roles window contains the following actions:
- Add—open a new page with the form to add a RADIUS role (see immediately below)
- Search—enter text to search for RADIUS role names containing that text
- Show x entries—sets the number of entries that are displayed at once (10, 25, 30, or 50).
- Sort—allows you to sort columns in ascending or descending order.
When you scroll over a entry in the RADIUS role list, the following icons appear in the Action column:
- Edit—opens a new page with the form to edit an existing RADIUS role (see below)
- Delete—deletes the selected RADIUS role
The Add Radius Role and Edit Radius Role dialogs contain the following fields:
Settings |
Guidelines |
---|---|
Role Name |
Names the RADIUS role. The name must match a role name in the RADIUS server. |
Role Type |
Service Provider or Customer |
Available FPC Roles: |
Lists of available FortiPortal roles Use the search box to filter the choices available. |
Selected FPC Roles |
Selects the FortiPortal roles to associate with this RADIUS role Use the search box to filter your selected choices. |