Fortinet white logo
Fortinet white logo

Administration Guide

Configuring a RADIUS server

Configuring a RADIUS server

Remote Authentication and Dial-in User Service (RADIUS) servers provide authentication, authorization, and accounting functions.

FortiTester can use RADIUS queries to authenticate access to the web GUI by administrators and end users.

To authenticate a user or administrator, the FortiTester appliance sends the user’s credentials to RADIUS for authentication. If the RADIUS server replies to the query with a signal of successful authentication, the client is successfully authenticated with the FortiTester appliance. If RADIUS authentication fails or the query returns a negative result, the appliance refuses the connection.

To configure a RADIUS server

  1. Go to System > RADIUS Servers.
  2. Click +Add to display the configuration page.
  3. Configure these settings:

    Name

    Enter a name for the RADIUS server that can be referenced in other parts of the configuration.

    Server IP/Domain

    Enter the IP address or domain of the RADIUS server.

    Server Port

    Enter the port number where the RADIUS server listens to.

    The default port number is 1812.

    Server Secret

    Enter the RADIUS server secret key for the RADIUS server. The server secret key should be a maximum of 16 characters in length.

    Authentication Scheme

    Select either:

    • Default to authenticate with the default method. The default authentication scheme uses PAP, MS-CHAP, and CHAP, in that order.

    • CHAP, MS-CHAP, or PAP, depending on what your RADIUS server requires.

    NAS IP

    Enter the NAS IP address and Called Station ID (for more information about RADIUS Attribute 31, see RFC 2548 (http://www.ietf.org/rfc/rfc2548.txt) Microsoft Vendor-specific RADIUS Attributes). If you do not enter an IP address, the IP address that the FortiTester appliance uses to communicate with the RADIUS server will be applied.

  4. Click OK.
    You can also click Test RADIUS to verify whether FortiTester can connect to the server, and the query is correctly configured.

To add a user with RADIUS authentication

  1. Go to System > Administrators.
  2. Click +Add to display the configuration page.
  3. Configure these settings:

    Name

    Enter a name for the administrator user.

    Role

    Select the admin or tester role.

    Type

    • Match a user on a remote server
      For this option, the user name must be the same as the account name of the selected RADIUS.
    • Match all users in a remote server
      For this option, the user name is an alias name, and users can be authenticated by any account of the selected RADIUS.

    RADIUS Server

    Select the RADIUS Server created in System > RADIUS Servers.

  4. Click Save.

Configuring a RADIUS server

Configuring a RADIUS server

Remote Authentication and Dial-in User Service (RADIUS) servers provide authentication, authorization, and accounting functions.

FortiTester can use RADIUS queries to authenticate access to the web GUI by administrators and end users.

To authenticate a user or administrator, the FortiTester appliance sends the user’s credentials to RADIUS for authentication. If the RADIUS server replies to the query with a signal of successful authentication, the client is successfully authenticated with the FortiTester appliance. If RADIUS authentication fails or the query returns a negative result, the appliance refuses the connection.

To configure a RADIUS server

  1. Go to System > RADIUS Servers.
  2. Click +Add to display the configuration page.
  3. Configure these settings:

    Name

    Enter a name for the RADIUS server that can be referenced in other parts of the configuration.

    Server IP/Domain

    Enter the IP address or domain of the RADIUS server.

    Server Port

    Enter the port number where the RADIUS server listens to.

    The default port number is 1812.

    Server Secret

    Enter the RADIUS server secret key for the RADIUS server. The server secret key should be a maximum of 16 characters in length.

    Authentication Scheme

    Select either:

    • Default to authenticate with the default method. The default authentication scheme uses PAP, MS-CHAP, and CHAP, in that order.

    • CHAP, MS-CHAP, or PAP, depending on what your RADIUS server requires.

    NAS IP

    Enter the NAS IP address and Called Station ID (for more information about RADIUS Attribute 31, see RFC 2548 (http://www.ietf.org/rfc/rfc2548.txt) Microsoft Vendor-specific RADIUS Attributes). If you do not enter an IP address, the IP address that the FortiTester appliance uses to communicate with the RADIUS server will be applied.

  4. Click OK.
    You can also click Test RADIUS to verify whether FortiTester can connect to the server, and the query is correctly configured.

To add a user with RADIUS authentication

  1. Go to System > Administrators.
  2. Click +Add to display the configuration page.
  3. Configure these settings:

    Name

    Enter a name for the administrator user.

    Role

    Select the admin or tester role.

    Type

    • Match a user on a remote server
      For this option, the user name must be the same as the account name of the selected RADIUS.
    • Match all users in a remote server
      For this option, the user name is an alias name, and users can be authenticated by any account of the selected RADIUS.

    RADIUS Server

    Select the RADIUS Server created in System > RADIUS Servers.

  4. Click Save.