03-24-2020 10:59 AM
Hi folks,
I’m just deploying a DUO solution for one of my customers, install was fine and now I have a issue that I’m trying to setup.
Using a Fortigate:
customer has setup sslvpn using a tunnel - everything works fine DUO send the push to the client and connection is established
Customer setting up a Web Portail - using duo - the same user on the original DUO group does not get to the portal but to the regular default one.
I was thinking in creating a second group only for the portal but my question is :
How should I configure duoRadius to fetch the info ?
TIA
04-22-2020 09:59 AM
Just got off chat with support on a very similar item to this on the Fortinet, and the solution to the issue is to create a second Radius Authenticator on the Forigate, then create an additional Radius_Auto on the proxy. For this new Radius_Auto, give it a new port number, and point it to the AD group that you want to Authenticate against.
04-22-2020 10:14 AM
Thanks Ian,
So in a way, using more than one a portal or using more than a group, implies on adding another radius instance on the Proxy .
Nice !! Thanks for the input .
04-22-2020 11:55 AM
I did find that you need to use the CLI to do the different port (example):
config user radius
edit radius-server-one
set server 192.168.1.1
set secret password
set radius-port 1234
end
04-22-2020 12:11 PM
Yes … this is for the specific radius server port .
You also have , in case you want to change this on the global settings (this for a single Radius)
config system global
set radius_port 1645
end
Thanks again for the input !!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide