Configuring authentication for guest wireless users
Guests are assigned temporary user accounts created on a RADIUS server. The RADIUS server stores each user’s group name in the Fortinet-Group-Name attribute. Wireless users are in the group named “wireless”.
The FortiGate unit must be configured to access the RADIUS server.
To configure the FortiGate unit to access the guest RADIUS server - web-based manager
1. Go to User & Device > Authentication > RADIUS Server and select Create New.
2. Enter the following information and select OK:
Name | guestRADIUS |
Primary Server Name / IP | 10.11.102.100 |
Primary Server Secret | grikfwpfdfg |
Secondary Server Name / IP | Optional |
Secondary Server Secret | Optional |
Authentication Scheme | Use default, unless server requires otherwise. |
Leave other settings at their default values. |
To configure the FortiGate unit to access the guest RADIUS server - CLI
config user radius
edit guestRADIUS
set auth-type auto
set server 10.11.102.100
set secret grikfwpfdfg
end
To configure the user group for guest access - web-based manager
1. Go to User & Device > User > User Group and select Create New.
2. Enter the following information and then select OK:
Name | guest-group |
Type | Firewall |
Available Users / Members | Move guestRADIUS to the Members list. |
Match one of these group names | Select Add and fill in the following fields: |
Remote Server | Select guestRADIUS. |
Group Name | Enter wireless |
3. Select Add.
4. Enter
Remote Server | Select guestRADIUS. |
Group Name | Select Specify and then enter wireless |
To configure the user group for guest access - CLI
config user group
edit "guest-group"
set member "guestRADIUS"
config match
edit 0
set server-name "guestRADIUS"
set group-name "wireless"
end
end
The user authentication setup will be complete when you select the guest-group user group in the SSID configuration.