Fortinet 235 FortiWeb 5.0 Patch 6 Administration Guide
5. Click OK.
6. Return to User > Remote Server > LDAP User, double-click the row of the query, then click
the Test RADIUS button to verify that FortiWeb can connect to the server, and that the query
is correctly configured.
7. If the query is for administrator accounts that you want to allow to access the FortiWeb web
UI, select the query in a remote authentication query group (see “Grouping remote
authentication queries for administrators” on page 218).
If the query is for user accounts that you want to allow to authenticate with web servers, to
activate the user account, you must indirectly include it in a server policy. Continue with
“Grouping users”. (For an overview, see “To configure and activate end-user accounts” on
page 225.)
See also
•Grouping remote authentication queries for administrators
•Configuring LDAP queries
•Configuring NTLM queries
•Configuring access profiles
Configuring NTLM queriesNT LAN Manager (NTLM) queries can be made to a Microsoft Windows or Active Directory
server that is configured for NTLM authentication. FortiWeb supports both NTLM v1 and
NTLM v2.
FortiWeb can use NTLM queries to authenticate and authorize HTTP requests. For more
information, see “Applying user groups to an authorization realm” on page 238.
Authentication
Scheme
Select either:
•Default to authenticate with the default method. The default
authentication scheme uses PAP, MS-CHAP-V2, and CHAP, in
that order.
• MS-CHAP-V2, CHAP, MS-CHAP, or PAP, depending on what your
RADIUS server requires.
NAS IP Type the NAS IP address and Called Station ID (for more information
about RADIUS Attribute 31, see RFC 2548 Microsoft Vendor-specific
RADIUS Attributes). If you do not enter an IP address, the IP address
that the FortiWeb appliance uses to communicate with the RADIUS
server will be applied.
Setting name Description
For access profiles, FortiWeb appliances support RFC 2548 Microsoft Vendor-specific
RADIUS Attributes. If you do not want to use them, you can configure them locally instead.
See “Configuring access profiles” on page 216.