Radius authenticates but no groups passed back to Fortigate

Evening all,

I have DUO running on prem and working well with my Fortigate SSL VPN.

Does DUO pass back groups an authenticated user is in? When I try add the group in the Fortigate the authentication stops working.

My DUO radius config is 
radius_ip_1 = XX.X.XXX.XXX
radius_ip_2 = XX.X.XXX.XXX
failmode = safe
client = ad_client
pass_through_all = true ;false by default. Added 19/01/2021 CPSS
port = 1812

Is that wht pass_through_all should do?
My test user is in 3 groups in AD and these 3 groups appear in DUO admin console.


Hi Crispin,

Duo has a knowledge base at https://help.duo.com where you can find many articles answering questions like this.

Take a look at this one: Is it possible to use Fortinet FortiGate SSL VPN with Active Directory group membership attributes using the Duo Authentication Proxy?.

1 Like