Authentication servers, RADIUS servers – Fortinet FortiGate v3.0 MR7 User Manual
FortiOS v3.0 MR7 User Authentication User Guide
01-30007-0347-20080828
Authentication servers
FortiGate units support the use of authentication servers. If you are going to use
FortiGate authentication servers, you must configure the servers before you
configure FortiGate users or user groups that require them. An authentication
server can provide password checking for selected FortiGate users or it can be
added as a member of a FortiGate user group.
RADIUS servers
Remote Authentication and Dial-in User Service (RADIUS) servers provide
authentication, authorization, and accounting functions. FortiGate units use the
authentication and accounting functions of the RADIUS server.
Your RADIUS server listens on either port 1812 or port 1645 for authentication
requests. You must configure it to accept the FortiGate unit as a client.
The RADIUS server user database can be any combination of:
• user names and passwords defined in a configuration file
• an SQL database
• user account names and passwords configured on the computer where the RADIUS server is installed.
The RADIUS server uses a “shared secret” key to encrypt information passed
between it and clients such as the FortiGate unit.
The FortiGate units send the following RADIUS attributes in the accounting
start/stop messages:
1. Acct-Session-ID
2. User Name
3. NAS-Identifier (FGT hostname)
4. Framed-IP-Address (IP address assigned to the client)
5. Fortinet-VSA (IP address client is connecting from)
6. Acct-Input-Octets
7. Acct-Output-Octets
describes the supported authentication events and the RADIUS attributes
that are sent in the RADIUS accounting message.
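A receiver-side check for the accounting start/stop messages listed above, as an added example that is not from the Fortinet manual: it verifies the Request Authenticator that RFC 2866 derives from the shared secret, then decodes the listed attributes. The sample packet, user name, host name, addresses, shared secret and the Vendor-Specific sub-attribute type are constructed for illustration.

```python
import hashlib, hmac, struct, ipaddress

# Attribute numbers from RFC 2865/2866 for the attributes the manual lists.
NAMES = {1: "User-Name", 8: "Framed-IP-Address", 26: "Vendor-Specific",
         32: "NAS-Identifier", 40: "Acct-Status-Type",
         42: "Acct-Input-Octets", 43: "Acct-Output-Octets", 44: "Acct-Session-Id"}
TEXT, INTEGER = {1, 32, 44}, {40, 42, 43}

def acct_authenticator(header, attrs, secret):
    # RFC 2866: MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()

def parse_accounting(packet, secret):
    """Verify and decode an Accounting-Request; raise ValueError if invalid."""
    length = int.from_bytes(packet[2:4], "big")
    if len(packet) < 20 or packet[0] != 4 or length != len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    attrs = packet[20:]
    if not hmac.compare_digest(packet[4:20], acct_authenticator(packet[:4], attrs, secret)):
        raise ValueError("authenticator mismatch: wrong secret or altered packet")
    out, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("bad attribute length")
        kind, value = attrs[i], attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
        if kind in TEXT:
            value = value.decode("utf-8", "replace")
        elif kind in INTEGER:
            value = int.from_bytes(value, "big")
        elif kind == 8:
            value = str(ipaddress.IPv4Address(value))
        elif kind == 26:  # Vendor-Specific: 4-octet vendor id, then vendor data
            value = (int.from_bytes(value[:4], "big"), value[4:])
        out[NAMES.get(kind, kind)] = value
    return out

def attr(kind, value):
    return bytes([kind, len(value) + 2]) + value

def build_sample(secret):
    """Constructed Stop record: all values made up; VSA sub-type 1 is a placeholder."""
    vsa = struct.pack("!I", 12356) + attr(1, bytes([198, 51, 100, 7]))  # 12356 = Fortinet enterprise number
    body = b"".join([attr(40, struct.pack("!I", 2)), attr(44, b"0000002a"),
                     attr(1, b"alice"), attr(32, b"FGT-lab"),
                     attr(8, bytes([10, 0, 0, 5])), attr(26, vsa),
                     attr(42, struct.pack("!I", 1200)), attr(43, struct.pack("!I", 3400))])
    head = struct.pack("!BBH", 4, 7, 20 + len(body))
    return head + acct_authenticator(head, body, secret) + body
```

A record that fails the authenticator check should be dropped rather than written to the accounting store, since it was either built with a different shared secret or changed in transit.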