If you use a RADIUS query for administrators, separate it from the queries for regular users. Do not combine administrator and user queries into a single entry. Failure to separate the queries will allow end-users to have administrative access to the FortiWeb web UI and CLI.
For access profiles, FortiWeb appliances support RFC 2548 Microsoft Vendor-specific RADIUS Attributes. If you do not want to use them, you can configure them locally instead. See “config system accprofile”.

| Variable | Description | Default |
|---|---|---|
| <radius-query_name> | Type a unique name that can be referenced in other parts of the configuration. Do not use spaces or special characters. The maximum length is 35 characters. To display the list of existing queries, type: edit ? Note: This is the name of the query only, not the administrator or end-user’s account name/login, which is defined by either <administrator_name> or username <user_str>. | No default. |
| secret <password_str> | Type the RADIUS server secret key for the primary RADIUS server. The primary server secret key should be a maximum of 16 characters in length, but is allowed to be up to 63 characters. | No default. |
| server <radius_ipv4> | Type the IP address of the RADIUS server to query for users. | 0.0.0.0 |
| server-port <port_int> | Type the port number where the RADIUS server listens. The valid range is from 1 to 65,535. | 1812 |
| auth-type {default \| chap \| ms_chap \| ms_chap_v2 \| pap} | Type the authentication method. The default option uses PAP, MS-CHAP-V2, and CHAP, in that order. | default |
| nas-ip <nas_ipv4> | Type the NAS IP address and called station ID (see RFC 2548 Microsoft Vendor-specific RADIUS Attributes). If you do not enter an IP address, the IP address of the network interface that the FortiWeb appliance uses to communicate with the RADIUS server is applied. | 0.0.0.0 |
| secondary-secret <password_str> | Type the RADIUS server secret key for the secondary RADIUS server. The secondary server secret key should be a maximum of 16 characters in length, but is allowed to be up to 63 characters. | No default. |
| secondary-server <radius2-ipv4> | Type the IP address of the secondary RADIUS server. | No default. |
| secondary-server-port <port_int> | Type the port number where the secondary RADIUS server listens. The valid range is from 1 to 65,535. | 1812 |
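
The limits in the table above can be checked before a configuration script is entered. The following Python check is an added example, not Fortinet's code: it parses `edit`/`set` lines and reports settings that fall outside the table's limits. The `config user radius-user` command name, the function names, the finding codes and the sample script are assumptions or constructed, and values are assumed to be written as typed (plaintext secrets).

```python
import re

AUTH_TYPES = {"default", "chap", "ms_chap", "ms_chap_v2", "pap"}
# Constructed sample; the "config user radius-user" command name is an assumption.
SAMPLE = """\
config user radius-user
  edit "admin radius"
    set secret "0123456789abcdef0123"
    set auth-type mschap
    set server-port 70000
  next
  edit "user-radius"
    set server 192.0.2.10
    set secret "s3cret-value"
  next
end
"""

def parse_queries(text):
    """Return {query_name: {setting: value}} from edit/set lines."""
    queries, current = {}, None
    for line in text.splitlines():
        m = re.match(r'\s*(edit|set)\s+(.+)', line)
        if m and m.group(1) == "edit":
            current = queries.setdefault(m.group(2).strip().strip('"'), {})
        elif m and current is not None:
            key, _, value = m.group(2).partition(" ")
            current[key] = value.strip().strip('"')
    return queries

def check_query(name, cfg):
    """Return finding codes for one query, using the limits in the table."""
    out = []
    # Assumption: "special characters" means anything but letters, digits, _ and -.
    if len(name) > 35 or not re.fullmatch(r"[A-Za-z0-9_-]+", name):
        out.append("name")
    if cfg.get("server", "0.0.0.0") == "0.0.0.0":
        out.append("server-unset")  # still at the documented default
    for key in ("secret", "secondary-secret"):
        n = len(cfg.get(key, ""))
        if n > 16:  # >16 exceeds the recommended length, >63 the allowed one
            out.append(key + (">63" if n > 63 else ">16"))
    for key in ("server-port", "secondary-server-port"):
        port = cfg.get(key, "1812")
        if not (re.fullmatch(r"[0-9]{1,5}", port) and 1 <= int(port) <= 65535):
            out.append(key)
    if cfg.get("auth-type", "default") not in AUTH_TYPES:
        out.append("auth-type")
    return out
```

Call `check_query(name, cfg)` for each item of `parse_queries(SAMPLE)`; an empty list means the query is within the documented limits.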