Created on 10-28-2011 06:20 AM Edited on 01-04-2022 01:46 PM By Anonymous
Description
This article explains how to enable an Admin user that is unable to authenticate with RADIUS, when the connecting interface is not in the same VDOM as the RADIUS group.
Scope
Solution
FGT60C3G10009763 (interface) # show
config system interface
    edit "dmz"
        set vdom "root"
        set ip 10.10.10.50 255.255.255.0
        set allowaccess ping https ssh fgfm
        set type physical
        set alias "Internal LAN"
    next
    edit "wan2"
        set vdom test
        set ip 172.31.224.208 255.255.254.0
        set allowaccess ping https ssh telnet fgfm
        set type physical
    next
    edit "wan1"
        set vdom "root"
        set ip 192.168.182.208 255.255.254.0
        set allowaccess ping https ssh fgfm
        set type physical
    next
    edit "internal"
        set vdom "test"
        set ip 10.147.0.208 255.255.254.0
        set allowaccess ping https ssh fgfm
        set type physical
    next
end

FGT60C3G10009763 (ha) # show
config system ha
    set mode a-p
    set ha-mgmt-status enable
    set ha-mgmt-interface "wan2"
    set override disable
end

config user radius
    edit "router2_root"
        set auth-type pap
        set secret fortinet
        set server "192.168.183.2"
        set use-management-vdom enable
    next
end

config user group
    edit "Router2_Group_root"
        set member "router2_root"
    next
end

config system admin
    edit "Radius_Accounts"
        set remote-auth enable
        set accprofile "super_admin"
        set vdom "root"
        set wildcard enable
        set remote-group "Router2_Group_root"
    next
end

config system admin
    edit "admin1"
        set remote-auth enable
        set accprofile "super_admin"
        set vdom "root"
        set wildcard enable
        set remote-group "group1"
        set radius-vdom-override enable   <--------------------
    next
end
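An added example, not from Fortinet or the original article: a Python check that reads a FortiGate configuration and lists remote-auth admins that lack radius-vdom-override while an interface in a different VDOM accepts administrative logins. It assumes the admin's vdom setting is the VDOM that holds the RADIUS group, treats http/https/ssh/telnet in allowaccess as administrative access, and handles only flat config/edit/set blocks; the function names and the sample are constructed for illustration.

```python
import shlex
# Constructed sample, modelled on the configuration shown in this article.
SAMPLE = '''
config system interface
    edit "dmz"
        set vdom "root"
        set allowaccess ping https ssh fgfm
    next
    edit "wan2"
        set vdom test
        set allowaccess ping https ssh telnet fgfm
    next
end
config system admin
    edit "Radius_Accounts"
        set remote-auth enable
        set vdom "root"
    next
    edit "admin1"
        set remote-auth enable
        set vdom "root"
        set radius-vdom-override enable
    next
end
'''
MGMT = {"http", "https", "ssh", "telnet"}  # assumption: these count as admin logins

def parse(text):
    """Parse flat (non-nested) config/edit/set blocks: {section: {entry: {key: [values]}}}."""
    cfg, section, entry = {}, {}, {}
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "config":
            section = entry = cfg.setdefault(" ".join(tok[1:]), {})
        elif tok[0] == "edit":
            entry = section.setdefault(tok[1], {})
        elif tok[0] == "set":
            entry[tok[1]] = tok[2:]
    return cfg

def admins_needing_override(text):
    """List (admin, other VDOMs with admin access) for remote-auth admins lacking the override."""
    cfg = parse(text)
    mgmt_vdoms = {i["vdom"][0] for i in cfg.get("system interface", {}).values()
                  if "vdom" in i and MGMT & set(i.get("allowaccess", []))}
    return [(name, sorted(mgmt_vdoms - set(a.get("vdom", []))))
            for name, a in cfg.get("system admin", {}).items()
            if a.get("remote-auth") == ["enable"]
            and a.get("radius-vdom-override") != ["enable"]
            and mgmt_vdoms - set(a.get("vdom", []))]
```

On the sample, only Radius_Accounts is reported, because admin1 already has the override set.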