Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1185
Views
1
Helpful
1
Replies

Radius authenticates but no groups passed back to Fortigate

Crispin2
Level 1
Level 1

‎01-19-2021 03:32 PM

Evening all,

I have DUO running on prem and working well with my Fortigate SSL VPN.

Does DUO pass back groups an authenticated user is in? When I try add the group in the Fortigate the authentication stops working.

My DUO radius config is 
radius_ip_1 = XX.X.XXX.XXX
radius_ip_2 = XX.X.XXX.XXX
failmode = safe
client = ad_client
pass_through_all = true ;false by default. Added 19/01/2021 CPSS
port = 1812

Is that wht pass_through_all should do?
My test user is in 3 groups in AD and these 3 groups appear in DUO admin console.

thanks

0 Helpful
1 Reply 1

DuoKristina
Cisco Employee
Cisco Employee

‎01-20-2021 11:40 AM

Hi Crispin,

Duo has a knowledge base at https://help.duo.com where you can find many articles answering questions like this.

Take a look at this one: Is it possible to use Fortinet FortiGate SSL VPN with Active Directory group membership attributes using the Duo Authentication Proxy?.

Duo, not DUO.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents