Configuring A Radius Server - Fortinet FortiGate Series Administration Manual

RADIUS

Configuring a RADIUS server

656
Figure 404: Example RADIUS server list
Create New Add a new RADIUS server. The maximum number is 10.
Name Name that identifies the RADIUS server on the FortiGate unit.
Server Name/IP Domain name or IP address of the RADIUS server.
Delete icon Delete a RADIUS server configuration.
You cannot delete a RADIUS server that has been added to a user group.
Edit icon Edit a RADIUS server configuration.
The RADIUS server uses a "shared secret" key to encrypt information passed between it
and clients such as the FortiGate unit. When you configure a RADIUS server, you can also
configure a secondary RADIUS server. The FortiGate unit attempts authentication with the
primary server first, and if there is no response, uses the secondary server. You can
include the RADIUS server in every user group without including it specifically in user
group configurations.
Note: The server secret key should be a maximum of 16 characters in length.
The RADIUS server can use several different authentication protocols during the
authentication process:
• MS-CHAP-V2 is the Microsoft challenge-handshake authentication protocol v2
• MS-CHAP is the Microsoft challenge-handshake authentication protocol v1
• CHAP (challenge-handshake authentication protocol) provides the same functionality
as PAP, but does not send the password and other user information over the network to
a security server
• PAP (password authentication protocol) is used to authenticate PPP connections. PAP
transmits passwords and other user information in clear text (unencrypted).
If you have not selected a protocol, the default protocol configuration uses PAP, MS-
CHAPv2, and CHAP, in that order.
To add a new RADIUS server, go to User > Remote > RADIUS, select Create New, and
enter or select the following:
Delete
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/
User
Edit
• Feedback