Chapter 6 Deploying Wireless Networks for FortiOS 5.0 : Wireless network examples : A more complex example : Configuring authentication for guest wireless users
  
Configuring authentication for guest wireless users
Guests are assigned temporary user accounts created on a RADIUS server. The RADIUS server stores each user’s group name in the Fortinet-Group-Name attribute. Wireless users are in the group named “wireless”.
The FortiGate unit must be configured to access the RADIUS server.
To configure the FortiGate unit to access the guest RADIUS server - web-based manager
1. Go to User & Device > Authentication > RADIUS Server and select Create New.
2. Enter the following information and select OK:
Name
guestRADIUS
Primary Server Name / IP
10.11.102.100
Primary Server Secret
grikfwpfdfg
Secondary Server Name / IP
Optional
Secondary Server Secret
Optional
Authentication Scheme
Use default, unless server requires otherwise.
Leave other settings at their default values.
To configure the FortiGate unit to access the guest RADIUS server - CLI
config user radius
edit guestRADIUS
set auth-type auto
set server 10.11.102.100
set secret grikfwpfdfg
end
To configure the user group for guest access - web-based manager
1. Go to User & Device > User > User Group and select Create New.
2. Enter the following information and then select OK:
Name
guest-group
Type
Firewall
Available Users / 
Members
Move guestRADIUS to the Members list.
Match one of these group names
Select Add and fill in the following fields:
Remote Server
Select guestRADIUS.
Group Name
Enter wireless
3. Select Add.
4. Enter
Remote Server
Select guestRADIUS.
Group Name
Select Specify and then enter wireless
To configure the user group for guest access - CLI
config user group
edit "guest-group"
set member "guestRADIUS"
config match
edit 0
set server-name "guestRADIUS"
set group-name "wireless"
end
end
The user authentication setup will be complete when you select the guest-group user group in the SSID configuration.