Chapter 6 Deploying Wireless Networks for FortiOS 5.0 : Configuring a WiFi LAN : Configuring user authentication : WPA-Enterprise authentication
  
WPA-Enterprise authentication
If your WiFi network uses WPA-Enterprise authentication verified by a RADIUS server, you need to configure the FortiGate unit to connect to that RADIUS server.
Configuring connection to a RADIUS server - web-based manager
1. Go to User & Device > Authentication > RADIUS Server and select Create New.
2. Enter a Name for the server.
This name is used in FortiGate configurations. It is not the actual name of the server.
3. In Primary Server Name/IP, enter the network name or IP address for the server.
4. In Primary Server Secret, enter the shared secret used to access the server.
5. Optionally, enter the information for a secondary or backup RADIUS server.
6. Select OK.
To configure the FortiGate unit to access the RADIUS server - CLI
config user radius
edit exampleRADIUS
set auth-type auto
set server 10.11.102.100
set secret aoewmntiasf
end
To implement WPA-Enterprise security, you select this server in the SSID security settings. See “Configuring security”.
To use the RADIUS server for authentication, you can create individual FortiGate user accounts that specify the authentication server instead of a password, and you then add those accounts to a user group. Or, you can add the authentication server to a FortiGate user group, making all accounts on that server members of the user group.