Forward Accounting Packets to Fortiage - need help

Eby Mani eby_km at yahoo.com
Thu Apr 7 17:37:08 CEST 2016 

Thanks Alan, the NAS and Fortigate does RADIUS.

The easiest way for me is to configure NAS to forward RADIUS accounting packets to Fortigate. But my freeRadius is not sending Class attributes in Access-Accept to NAS client, thus NAS client isn't sending any Class info to Fortigate. 

However freeRadius is sending Class attributes in Access-Challenge to NAS !!!.

Is there a command to include Class attributes in Access-Accept ?.

Eby
--------------------------------------------
On Wed, 6/4/16, Alan DeKok <aland at deployingradius.com> wrote:

 Subject: Re: Forward Accounting Packets to Fortiage - need help
 To: "Eby Mani" <eby_km at yahoo.com>, "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
 Date: Wednesday, 6 April, 2016, 4:39 PM
 
 On Apr 6, 2016, at 9:22
 AM, Eby Mani via Freeradius-Users <freeradius-users at lists.freeradius.org>
 wrote:
 > 
 > FreeRADIUS
 Version 2.1.12, Ubuntu 14.04 LTS
 
   You should really upgrade.  2.1.12 is many
 years out of date.
 
 >
 I'm trying to send copy of accounting packets to
 Fortigate. Is there any official documentation / example for
 this ?.
 
   There is a lot
 of documentation on proxying.  There is no documentation
 for "how do I configure vendor X product Y firmware
 Z".
 
   If the product
 does RADIUS, then normal RADIUS configuration will work. 
 If the product doesn't do RADIUS, throw it in the
 garbage and buy one that does RADIUS.
 
 > I'm trying to get "Group"
 info of authenticated users for providing access to other
 networks thru RSSO.
 
  
 Doesl the Fortigate documentation say it returns a group in
 a RADIUS attribute?
 
   If
 not, then it's impossible.
 
 > I configured as per the following blog,
 
 > https://freeradiustips.wordpress.com/2015/02/17/forward-accounting-packets-to-secondary-radius-server/
 
   That's better than
 most, but I'm still amazed at the work people put into
 *not* reading the documentation that comes with
 FreeRADIUS.
 
 > Fortigate interface is
 listening for Radius Accounting packets, yet i'm not
 getting any accounting packets from freeRadius. Not sure
 i've missed anything vital.
 
   Run the server in debugging mode as
 suggested in the FAQ, "man" pages, web pages, and
 daily on this list.
 
   This
 is documented.
 
   Alan
 DeKok.

More information about the Freeradius-Users mailing list