To view the locked-out users, go to Monitor > Authentication > Locked-out Users.
FortiAuthenticator administrators can monitor RADIUS activity and log out a user if they wish.
To view currently active RADIUS accounting sessions, go to Monitor > Authentication > RADIUS Sessions.
The page shows the user's name, type, IP address, MAC address, and RADIUS client, duration, and data usage columns. More specifically, Accounting-Start Interim-Update packets are received. A user session is removed from this table once the Accounting-Stop packet is received, or the session doesn't receive any RADIUS accounting packets before the timeout period expires.
To log out a user as an admin, select the user from the table and select Logoff.
There are two pages to view: Active and Cumulative. Select Cumulative to view statistics for user who have a time and/or data usage limit. This information may be accumulated through a succession of RADIUS accounting sessions. A user's stats are removed when explicitly deleted by the administrator (by selecting the user and selecting Delete), or when the user's account itself is deleted.
While administrators can log out users, they can also reset a user's time and/or data usage using Reset Usage.
|For more information on user time and data usage limits, see Usage Profile.|
RADIUS accounting sessions can be configured to timeout after a specific time period has been reached. To do so, see General.
FortiAuthenticator supports multiple Windows AD server forests, as shown below. A maximum of 20 remote LDAP servers with Windows AD enabled can be configured at once. In addition, you can see when the server was last updated, and an option to reset the connection for individual servers.
To refresh the connection, select Refresh in the toolbar. The server name, IP address, authentication realm, agent, and connection are shown.
To refresh the list, select Refresh in the toolbar. See Machine authentication for more information.
For information on enabling learning RADIUS users, see RADIUS.