Administration Guide

Remote authentication: RADIUS

Configure the following in the RADIUS server:
  1. Add the following vendor-specific attributes to the Fortinet dictionary file:

    Fortinet-Fpc-User-Role

    Fortinet-Fpc-Tenant-Identification

    For example, if you are using FreeRADIUS:

    #
    #       Fortinet's VSAs
    #
    
    VENDOR        Fortinet                        12356
    
    BEGIN-VENDOR  Fortinet
    ATTRIBUTE     Fortinet-Group-Name                  1  string
    ATTRIBUTE     Fortinet-Client-IP-Address           2  ipaddr
    ATTRIBUTE     Fortinet-Vdom-Name                   3  string
    ATTRIBUTE     Fortinet-Client-IPv6-Address         4  octets
    ATTRIBUTE     Fortinet-Interface-Name              5  string
    ATTRIBUTE     Fortinet-Access-Profile              6  string
    ATTRIBUTE     Fortinet-Fpc-User-Role               40 string ###add this
    ATTRIBUTE     Fortinet-Fpc-Tenant-Identification   41 string ###add this
    
    #
    # Integer Translations
    #
    
    END-VENDOR Fortinet
  2. To configure FortiPortal roles in the RADIUS server, use the following vendor-specific attribute. You can specify multiple roles by using comma-separated values:

    VENDORATTR 12356 Fortinet-Fpc-User-Role 40 string

    A user will not be able to log in to FortiPortal if the roles are not configured on the RADIUS server.

  3. To configure which sites will use RADIUS authentication, use the following vendor-specific attribute. You can specify multiple sites by using comma-separated values. If no sites are specified, users have access to all sites.

    VENDORATTR 12356 Fortinet-Fpc-Tenant-User-Sites 42 string

  4. Specify the customer identification, which is used to map a particular user to a customer profile. The RADIUS server will send one of the domain names specified in the Domains field of the customer settings, in the value of the new VSA.

    VENDORATTR 12356 Fortinet-Fpc-Tenant-Identification 41 string
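
As an added example (not from the Fortinet guide or product code), this Python sketch decodes the FortiPortal VSAs from a RADIUS reply's attribute bytes and reports what the reply grants under the rules in steps 2 to 4: no role means no login, and no sites attribute means access to all sites. It assumes the standard RFC 2865 Vendor-Specific layout (one-byte sub-type and length); the function names and sample values are constructed for illustration.

```python
import struct

FORTINET_VENDOR_ID = 12356  # vendor ID from the dictionary above
# Sub-attribute numbers as listed in steps 2-4 of this page.
FPC_ATTRS = {40: "Fortinet-Fpc-User-Role",
             41: "Fortinet-Fpc-Tenant-Identification",
             42: "Fortinet-Fpc-Tenant-User-Sites"}

def encode_vsa(vendor_type: int, value: str) -> bytes:
    """Build one Vendor-Specific attribute (RADIUS type 26) for the Fortinet vendor ID."""
    data = value.encode("utf-8")
    sub = bytes([vendor_type, len(data) + 2]) + data
    return bytes([26, len(sub) + 6]) + struct.pack("!I", FORTINET_VENDOR_ID) + sub

def decode_fpc_vsas(attrs: bytes) -> dict:
    """Walk a RADIUS attribute stream and return the FortiPortal VSAs by name."""
    found, i = {}, 0
    while i + 2 <= len(attrs):
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("malformed attribute length")
        body = attrs[i + 2:i + alen]
        i += alen
        if atype != 26 or len(body) < 6 or struct.unpack("!I", body[:4])[0] != FORTINET_VENDOR_ID:
            continue  # not a Fortinet VSA
        j = 4
        while j + 2 <= len(body):
            vtype, vlen = body[j], body[j + 1]
            if vlen < 2 or j + vlen > len(body):
                raise ValueError("malformed sub-attribute length")
            if vtype in FPC_ATTRS:
                found[FPC_ATTRS[vtype]] = body[j + 2:j + vlen].decode("utf-8", "replace")
            j += vlen
    return found

def split_csv(value):
    return [v.strip() for v in (value or "").split(",") if v.strip()]

def review_reply(attrs: bytes) -> dict:
    """Summarise what a reply grants, following the rules stated in steps 2-4."""
    v = decode_fpc_vsas(attrs)
    roles = split_csv(v.get("Fortinet-Fpc-User-Role"))
    sites = split_csv(v.get("Fortinet-Fpc-Tenant-User-Sites"))
    return {"login_allowed": bool(roles), "roles": roles,
            "tenant": v.get("Fortinet-Fpc-Tenant-Identification"),
            "all_sites": not sites, "sites": sites}

# Constructed sample reply: two roles, a tenant domain, and no sites attribute.
SAMPLE = encode_vsa(40, "role-a,role-b") + encode_vsa(41, "customer.example")
```

A reply that reports `all_sites` as true is worth a least-privilege review, since omitting attribute 42 widens access rather than restricting it.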
