FortiAuthenticator
FortiAuthenticator provides access management and single sign on.
jhussain_FTNT
Article Id 198435
Description
This article describes how to configure RADIUS-based authentication against multiple Active Directory domain servers using realms.

Solution
1) Configure a realm whose name exactly matches the domain name, and select the LDAP server as its source.

Example:
Two domain realms are configured, dubailab.lab and dubailab2.lab.




2) Configure FortiGate as the RADIUS client on FortiAuthenticator, and configure the realms as the authentication source for both domains.





Authenticate with the domain name.





In the FortiAuthenticator debug logs, notice that the request matches the realm configured for the LDAP server.

3) Received Access-Request Id 1 from x.x.x.x:1030 to x.x.x.x:1812 length 66.
   NAS-Identifier = "FG240D-2"
 (3)   User-Name = "dubailab/sslvpn3"
 (3)   User-Password: ******
(3) # Executing section authorize from file /usr/etc/raddb/sites-enabled/default
: ===>NAS IP:10.40.1.185
===>Username:dubailab/sslvpn3
===>Timestamp:1596271810.205579, age:0ms
: Found authclient from preloaded authclients list for x.x.x.x: fac_radius (x.x.x.x)
authclient_id:5 auth_type:'password'
: Found authpolicy 'x.x.x.x_normal' for client 'x.x.x.x'
:Setting 'Auth-Type := FACAUTH'
: Not doing PAP as Auth-Type is already set.
: (3) # Executing group from file /usr/etc/raddb/sites-enabled/default
: Found authclient from preloaded authclients list for x.x.x.x: fac_radius (x.x.x.x)
: authclient_id:5 auth_type:'password'
: Found authpolicy 'x.x.x.x_normal' for client 'x.x.x.x'
: Realm: dubailab (default realm id: 7) username: sslvpn3
: Realm dubailab goes to remote LDAP, id: 1
: Loaded remote ldap (regular bind) x.x.x.x:389
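
To confirm that each domain is routed to its own LDAP server, the realm lines in the debug output can be checked automatically. The following Python is an added example, not part of the original article or of any Fortinet tooling; the function names, the sample requests (4) and (5), and the expected realm-to-LDAP-id mapping are assumptions.

```python
import re

# Line formats are copied from the debug excerpt above (assumption: other
# FortiAuthenticator builds may word these lines differently).
USER_RE = re.compile(r'User-Name = "([^"]+)"')
REALM_RE = re.compile(r'Realm: (\S+) \([^)]*\) username: (\S+)')
ROUTE_RE = re.compile(r'Realm (\S+) goes to remote LDAP, id: (\d+)')

def trace_realms(lines):
    """One dict per Access-Request: raw User-Name, the realm/username it was
    split into, and the id of the remote LDAP server the realm resolved to."""
    results, cur = [], None
    for line in lines:
        if "Received Access-Request" in line:
            cur = dict(user_name=None, realm=None, username=None, ldap_id=None)
            results.append(cur)
        elif cur is None:
            continue
        elif m := USER_RE.search(line):
            cur["user_name"] = m.group(1)
        elif m := REALM_RE.search(line):
            cur["realm"], cur["username"] = m.group(1), m.group(2)
        elif m := ROUTE_RE.search(line):
            cur["ldap_id"] = int(m.group(2))
    return results

def misrouted(results, expected):
    """Requests that matched no realm, or whose realm reached an LDAP server
    other than the one listed for it in `expected` (realm -> LDAP id)."""
    return [r for r in results
            if r["ldap_id"] is None or expected.get(r["realm"]) != r["ldap_id"]]

# Constructed sample: request (3) is from the excerpt above, (4) and (5) are
# made up to show a realm bound to the wrong server and a user with no realm.
SAMPLE = """\
(3) Received Access-Request Id 1 from x.x.x.x:1030 to x.x.x.x:1812 length 66
(3)   User-Name = "dubailab/sslvpn3"
: Realm: dubailab (default realm id: 7) username: sslvpn3
: Realm dubailab goes to remote LDAP, id: 1
(4) Received Access-Request Id 2 from x.x.x.x:1030 to x.x.x.x:1812 length 67
(4)   User-Name = "dubailab2/sslvpn4"
: Realm: dubailab2 (default realm id: 7) username: sslvpn4
: Realm dubailab2 goes to remote LDAP, id: 1
(5) Received Access-Request Id 3 from x.x.x.x:1030 to x.x.x.x:1812 length 60
(5)   User-Name = "sslvpn5"
""".splitlines()

# Hypothetical mapping: LDAP id 1 is on the page, id 2 for dubailab2 is assumed.
EXPECTED = {"dubailab": 1, "dubailab2": 2}

if __name__ == "__main__":
    for r in misrouted(trace_realms(SAMPLE), EXPECTED):
        print("check realm config for", r["user_name"], "->", r)
```

A request flagged here means either the username carried no realm that FortiAuthenticator recognised, or the realm is bound to a different LDAP source than intended in step 1.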
