Created on 08-01-2018 07:21 AM Edited on 04-06-2022 11:07 AM By Anonymous
Description
diag debug app fnbamd -1diag debug app radius -1
Scope
Solution
Verify which FGT interface receives the admin login request.If the Login packet lands on a ‘root’ interface, the Radius server send back the required Fortinet 12356 vsa’s, and must add the string (‘root’) into the vsa Fortinet-Vdom-Name 3ATTRIBUTE Fortinet-Group-Name 1 string (‘group-name’)ATTRIBUTE Fortinet-Access-Profile 6 string (‘profile-name’)ATTRIBUTE Fortinet-Vdom-Name 3 string (‘vdom-name’+ ‘root’)If the packet lands on a ‘vdom-name’ interface, Radius server send back only the following vsa’s:ATTRIBUTE Fortinet-Group-Name 1 string (‘group-name’)ATTRIBUTE Fortinet-Access-Profile 6 string (‘profile-name’)ATTRIBUTE Fortinet-Vdom-Name 3 string (‘vdom-name’)
Related Articles
Technical Tip: Remote admin login with Radius selecting admin access account profile
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.