Configuring authentication for guest wireless users
Guests are assigned temporary user accounts created on a RADIUS server. The RADIUS server stores each user’s group name in the Fortinet-Group-Name attribute. Wireless users are in the group named “wireless”.
The FortiGate unit must be configured to access the RADIUS server.
To configure the FortiGate unit to access the guest RADIUS server - web-based manager
1. Go to User & Device > Authentication > RADIUS Servers and select Create New.
2. Enter the following information and select OK:
Name | guestRADIUS |
Primary Server IP/Name | 10.11.102.100 |
Primary Server Secret | grikfwpfdfg |
Secondary Server IP/Name | Optional |
Secondary Server Secret | Optional |
Authentication Scheme | Use default, unless server requires otherwise. |
Leave other settings at their default values. |
To configure the FortiGate unit to access the guest RADIUS server - CLI
config user radius
edit guestRADIUS
set auth-type auto
set server 10.11.102.100
set secret grikfwpfdfg
end
To configure the user group for guest access - web-based manager
1. Go to User & Device > User > User Groups and select Create New.
2. Enter the following information and then select OK:
Name | guest-group |
Type | Firewall |
Members | Leave empty. |
3. Select Add.
4. Enter
Remote Server | Select guestRADIUS. |
Group Name | Select Specify and then enter wireless |
5. Select OK.
To configure the user group for guest access - CLI
config user group
edit "guest-group"
set member "guestRADIUS"
config match
edit 0
set server-name "guestRADIUS"
set group-name "wireless"
end
end
The user authentication setup will be complete when you select the guest-group user group in the SSID configuration.