Maximum key length for MS Windows 2008 is 128 bytes. Microsoft Windows Server 2000, 2003, and 2008 have RADIUS support built-in.
Microsoft specific RADIUS features are defined in RFC 2548.
Multiple Forti Gate units can use a single Forti Authenticator for FSSO, remote authentication, and Forti Token management.
For more information, see the Forti Authenticator Administration Guide.
There are three main parts to RBAC: role assignment, role authorization, and transaction authorization.
This dictionary is typically supplied by the client or server vendor. The Forti Gate unit RADIUS VSA dictionary is supplied by Fortinet and is available through the Fortinet Knowledge Base ( or through Technical Support.
Fortinet’s dictionary for Forti OS 4.0 and up is configured this way: ## Fortinet’s VSA’s # VENDOR fortinet 12356 BEGIN-VENDOR fortinet ATTRIBUTE Fortinet-Group-Name 1 string ATTRIBUTE Fortinet-Client-IP-Address 2 ipaddr ATTRIBUTE Fortinet-Vdom-Name 3 string ATTRIBUTE Fortinet-Client-IPv6-Address 4 octets ATTRIBUTE Fortinet-Interface-Name 5 string ATTRIBUTE Fortinet-Access-Profile 6 string # # Integer Translations # END-VENDOR Fortinet Note that using the Fortinet-Vdom-Name, users can be tied to a specific VDOM on the Forti Gate unit.
The RADIUS user database is commonly an SQL or LDAP database, but can also be any combination of: When a configured user attempts to access the network, the Forti Gate unit will forward the authentication request to the RADIUS server which will match the username and password remotely.
Once authenticated the RADIUS server passes the authorization granted message to the Forti Gate unit which grants the user permission to access the network.Some major vendors, such as Microsoft, have published their VSAs, however many do not.