This article describes how to create a remote wildcard domain admin for FortiMail, using FortiAuthenticator as the RADIUS server.
Scope
FortiAuthenticator, FortiMail.
Solution
In this example, there are 2 domains in FortiMail.
- domain1.test.
- domain2.test.
The objective is to create a remote wildcard admin for a specific domain.
To configure:
Step 1: FortiMail WebGUI (Advanced View) > Profile > Authentication > Radius > New.
Create a new RADIUS profile and turn on the ‘Enable remote domain override’ option.
Step 2: FortiMail WebGUI (Advanced View) > System > Administrator > Edit the existing profile ‘remote_wildcard’.
- Enable this profile.
- Select Authentication type: RADIUS.
- Select RADIUS profile: the profile created in Step 1.
Step 3: On FortiAuthenticator, create 2 domain users. In this example, local user ‘domain1admin’ is an administrator of domain1.test, and ‘domain2admin’ is an administrator of domain2.test. These domain admins will not be able to access the other domain.
FortiAuthenticator WebGUI > Authentication > User Management > Local Users.
After creating the admin account, edit the account and configure the RADIUS Attributes:
- Vendor: Fortinet.
- Attribute ID: Fortinet-Vdom-Name.
- Value: <enter the domain name> (In this example, domain1.test for domain1admin and domain2.test for domain2admin).
Step 4: On FortiAuthenticator, create a RADIUS client and a RADIUS policy.
FortiAuthenticator WebGUI > Radius Service > Clients > Create New for FortiMail.
FortiAuthenticator WebGUI > Radius Service > Policies > Create New for FortiMail.
To verify:
Log in to FortiMail as domain1admin and check which domains are visible. The account ‘domain1admin’ has access only to domain1.test, and the account ‘domain2admin’ has access only to domain2.test.
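The domain restriction depends entirely on the Fortinet-Vdom-Name value that FortiAuthenticator returns in its Access-Accept, so it is worth checking that value at the packet level as well. The following is an added example, not part of the original article or Fortinet code: it parses an Access-Accept payload (for instance one exported from a packet capture) and confirms that it carries exactly the expected domain. The vendor ID 12356 and attribute number 3 are taken from the publicly distributed Fortinet RADIUS dictionary and should be checked against the dictionary in use; the function names are hypothetical and the sample packet is constructed.

```python
import struct

FORTINET_VENDOR_ID = 12356   # assumption: Fortinet enterprise number per public dictionary
FORTINET_VDOM_NAME = 3       # assumption: Fortinet-Vdom-Name number per public dictionary
ACCESS_ACCEPT, VENDOR_SPECIFIC = 2, 26


def vdom_names(packet: bytes) -> list[str]:
    """Return every Fortinet-Vdom-Name value carried in a RADIUS Access-Accept."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT:
        raise ValueError(f"not an Access-Accept (code {code})")
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    names, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + attr_len]
        pos += attr_len
        if attr_type != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != FORTINET_VENDOR_ID:
            continue  # another vendor's VSA
        sub = value[4:]  # one or more (type, length, value) sub-attributes
        while len(sub) >= 2:
            if sub[1] < 2 or sub[1] > len(sub):
                raise ValueError("malformed vendor sub-attribute")
            if sub[0] == FORTINET_VDOM_NAME:
                names.append(sub[2:sub[1]].decode("utf-8"))
            sub = sub[sub[1]:]
    return names


def build_accept(domain: str) -> bytes:
    """Constructed sample: Access-Accept with one Fortinet-Vdom-Name, zeroed authenticator."""
    body = domain.encode()
    sub = bytes([FORTINET_VDOM_NAME, len(body) + 2]) + body
    vsa = bytes([VENDOR_SPECIFIC, len(sub) + 6]) + struct.pack("!I", FORTINET_VENDOR_ID) + sub
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(vsa)) + bytes(16) + vsa


def check_admin_scope(packet: bytes, expected_domain: str) -> bool:
    """True only if the reply names exactly the expected domain (a missing attribute fails)."""
    return vdom_names(packet) == [expected_domain]
```

The parser does not validate the Response Authenticator, so it confirms only what the reply contains, not that the reply is authentic.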