Description
If NAS identifier is configured on the RADIUS server, configure the same NAS identifier on the FortiGate as well.
Radius server can Identify the correct RADIUS client and perform the authentication.
This article describes how to configure NAS identifier for RADIUS.
Solution
In FortiGate the default NAS identifier is the hostname of the unit.
If any specific NAS identifier is configured in the RADIUS server, change the hostname of the unit accordingly to match the configured parameter.
From CLI.
#config system global
set hostname <name>
end
From GUI.
Go to System -> Settings and change the hostname.
However a new feature was added in FoS 7.2.4 and higher, allows users to configure the RADIUS NAS-ID as a custom ID as per the below:
config user radius
edit < server >
set nas-id-type { legacy | custom | hostname }**
set nas-id < custom ID >
next
end
- legacy: NAS-ID value is the value previously used by each daemon. This is the default setting.
- custom: NAS-ID value is customized. Set nas-id to enter the custom ID.
-hostname: NAS-ID value is the FortiGate hostname or HA group name if applicable.
Related Article:
Technical Note: Configure RADIUS NAS-identifier for FortiGate HA cluster
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.