RADIUS servers
RADIUS servers can be configured in User Management.
The RADIUS servers store users' information including credentials and some attributes. This information can authenticate FortiSRA remote users and provide groups for authorization.
The Radius servers tab contains the following options:
Create |
Select to create a new RADIUS server. |
Edit |
Select to edit the selected RADIUS server. |
Clone |
Select to clone the selected RADIUS server. |
Delete |
Select to delete the selected RADIUS servers. |
Search |
Enter a search term in the search field, then hit |
To create a RADIUS server:
- Go to User Management > Radius Servers, and select Create.
The New RADIUS Server wizard opens.
- Enter the following information, and click Next after each tab:
Configure Settings
Name
The name of the RADIUS server.
Authentication Type
Select either Default or Specify.
If Specify is selected, from the dropdown, select from the following authentication types:
CHAP: Challenge Handshake Authentication Protocol.
MS-CHAP: Microsoft Challenge Handshake Authentication Protocol.
MS-CHAP-V2: Microsoft Challenge Handshake Authentication Protocol version 2.
PAP: Password Authentication Protocol.
Configure Servers
Primary Server
The access request is always be sent to the primary server first. If the request is denied with an
Access-Reject
, then the user authentication fails.IP/Name
The IP address or the FQDN.
Secret
The pre-shared passphrase used to access the RADIUS server.
Secondary Server
If there is no response from the primary server, the access request is sent to the secondary server.
IP/Name
The IP address or the FQDN.
Secret
The pre-shared passphrase used to access the RADIUS server.
- Click Test connection to test the connection to the RADIUS server.
If the credentials to the server are valid, it shows Successful.
-
In the Review tab, verify the information you entered and click Submit to create the RADIUS server.
Use the pen icon to edit tabs.
Alternatively, use the CLI commands to create RADIUS servers. |
CLI configuration to set up a RADIUS server example:
config user radius
edit <radius_server_name>
set server <server_ip>
set secret <secret>
next
end
config authentication scheme
edit "
set method form
set user-database "local-admin-db" <radius_server_name>
next
end
Setting up RADIUS authentication includes the following steps:
- Configure the RADIUS server. Configuring a RADIUS server.
- Adding the RADIUS server to a user group. User groups.
- Configuring a RADIUS user. Creating a user.