Fortinet black logo

Administration Guide

Authenticating an admin user with RADIUS

Copy Link
Copy Doc ID 0f66c6af-cee6-11eb-97f7-00505692583a:110401
Download PDF

Authenticating an admin user with RADIUS

If you want to use a RADIUS server to authenticate administrators, you must configure the authentication before you create the administrator accounts. Do the following:

  1. Configure the FortiSwitch unit to access the RADIUS server.
  2. Configure an administrator to authenticate with a RADIUS server and match the user secret to the RADIUS server entry.
  3. Create the RADIUS user group.
Using the GUI:
  1. Create a RADIUS system admin group:
    1. Go to System > Admin > Administrators.
    2. Select Add Administrator.
    3. In the Name field, enter RADIUS_Admins.
    4. Select Remote.
    5. For the user group, select Radius_group.
    6. Select Wildcard.
    7. For the admin profile, select super_admin.


    8. Select Add.
  2. Create a user:
    1. Go to System > User > Definition.
    2. Select Add User.
    3. In the User Name field, enter RADIUS1.
    4. Select Password from the Type field.
    5. In the Password field and Confirm Password field, enter 6rF7O4/Zf3p2TutNyeSjPbQc73QrS21wNDmNXd/rg9k6nTR6yMhBRsJGpArhle6UOCb7b8InM3nrCeuVETr/a02LpILmIltBq5sUMCNqbR6zp2fS3r35Eyd3IIrzmve4Vusi52c1MrCqVhzzy2EfxkBrx5FhcRQWxStvnVt4+dzLYbHZ.


    6. Select Add.
  3. Create a user group:
    1. Go to System > User > Group.
    2. Select Add Group.
    3. In the Name field, enter RADIUS_Admins.
    4. Select RADIUS1 in the Available Users box and select the right arrow to move it to the Members box.


    5. Select Add Group.
Using the CLI:
  1. Create a RADIUS system admin group:

    config system admin

    edit "RADIUS_Admins"

    set remote-auth enable

    set accprofile "super_admin"

    set wildcard enable

    set remote-group "RADIUS_Admins"

    next

    end

  2. Create a user:

    config user radius

    edit "RADIUS1"

    set secret ENC 6rF7O4/Zf3p2TutNyeSjPbQc73QrS21wNDmNXd/rg9k6nTR6yMhBRsJGpArhle6UOCb7b8InM3nrCeuVETr/a02LpILmIltBq5sUMCNqbR6zp2fS3r35Eyd3IIrzmve4Vusi52c1MrCqVhzzy2EfxkBrx5FhcRQWxStvnVt4+dzLYbHZ

    set addr-mode ipv4

    next

    end

  3. Create a user group:

    config user group

    edit "RADIUS_Admins"

    set member "RADIUS1"

    next

    end

Authenticating an admin user with RADIUS

If you want to use a RADIUS server to authenticate administrators, you must configure the authentication before you create the administrator accounts. Do the following:

  1. Configure the FortiSwitch unit to access the RADIUS server.
  2. Configure an administrator to authenticate with a RADIUS server and match the user secret to the RADIUS server entry.
  3. Create the RADIUS user group.
Using the GUI:
  1. Create a RADIUS system admin group:
    1. Go to System > Admin > Administrators.
    2. Select Add Administrator.
    3. In the Name field, enter RADIUS_Admins.
    4. Select Remote.
    5. For the user group, select Radius_group.
    6. Select Wildcard.
    7. For the admin profile, select super_admin.


    8. Select Add.
  2. Create a user:
    1. Go to System > User > Definition.
    2. Select Add User.
    3. In the User Name field, enter RADIUS1.
    4. Select Password from the Type field.
    5. In the Password field and Confirm Password field, enter 6rF7O4/Zf3p2TutNyeSjPbQc73QrS21wNDmNXd/rg9k6nTR6yMhBRsJGpArhle6UOCb7b8InM3nrCeuVETr/a02LpILmIltBq5sUMCNqbR6zp2fS3r35Eyd3IIrzmve4Vusi52c1MrCqVhzzy2EfxkBrx5FhcRQWxStvnVt4+dzLYbHZ.


    6. Select Add.
  3. Create a user group:
    1. Go to System > User > Group.
    2. Select Add Group.
    3. In the Name field, enter RADIUS_Admins.
    4. Select RADIUS1 in the Available Users box and select the right arrow to move it to the Members box.


    5. Select Add Group.
Using the CLI:
  1. Create a RADIUS system admin group:

    config system admin

    edit "RADIUS_Admins"

    set remote-auth enable

    set accprofile "super_admin"

    set wildcard enable

    set remote-group "RADIUS_Admins"

    next

    end

  2. Create a user:

    config user radius

    edit "RADIUS1"

    set secret ENC 6rF7O4/Zf3p2TutNyeSjPbQc73QrS21wNDmNXd/rg9k6nTR6yMhBRsJGpArhle6UOCb7b8InM3nrCeuVETr/a02LpILmIltBq5sUMCNqbR6zp2fS3r35Eyd3IIrzmve4Vusi52c1MrCqVhzzy2EfxkBrx5FhcRQWxStvnVt4+dzLYbHZ

    set addr-mode ipv4

    next

    end

  3. Create a user group:

    config user group

    edit "RADIUS_Admins"

    set member "RADIUS1"

    next

    end