03-24-2020 10:59 AM
Hi folks,
I’m just deploying a DUO solution for one of my customers, install was fine and now I have a issue that I’m trying to setup.
Using a Fortigate:
customer has setup sslvpn using a tunnel - everything works fine DUO send the push to the client and connection is established
Customer setting up a Web Portail - using duo - the same user on the original DUO group does not get to the portal but to the regular default one.
I was thinking in creating a second group only for the portal but my question is :
How should I configure duoRadius to fetch the info ?
TIA
04-22-2020 09:59 AM
Just got off chat with support on a very similar item to this on the Fortinet, and the solution to the issue is to create a second Radius Authenticator on the Forigate, then create an additional Radius_Auto on the proxy. For this new Radius_Auto, give it a new port number, and point it to the AD group that you want to Authenticate against.
04-22-2020 10:14 AM
Thanks Ian,
So in a way, using more than one a portal or using more than a group, implies on adding another radius instance on the Proxy .
Nice !! Thanks for the input .
04-22-2020 11:55 AM
I did find that you need to use the CLI to do the different port (example):
config user radius
edit radius-server-one
set server 192.168.1.1
set secret password
set radius-port 1234
end
04-22-2020 12:11 PM
Yes … this is for the specific radius server port .
You also have , in case you want to change this on the global settings (this for a single Radius)
config system global
set radius_port 1645
end
Thanks again for the input !!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: