Technical Tip: Understanding the log message 'Authentication failed, invalid user'

Event ID 20101 describes that the Fortiauthenticator had checked the third-party authentication server but the server returned indicating that the queried username or account is not found or invalid. 

The sample system event message(s) will be looked like below:

• Example from a third-party LDAP server:

logid=20101 cat="Event" subcat="Authentication" level="information" nas="x.x.x.x10" action="Authentication" status="Failed" msg="Remote LDAP user authentication from y.y.y.y (chap) with no token failed: invalid user" user="testuser"

• Example from a Windows AD server:

logid=20101 cat="Event" subcat="Authentication" level="information" nas="x.x.x.1" action="Authentication" status="Failed" msg="Windows AD user authentication from y.y.y.y (mschap) with no token failed: invalid user" user="testuser"

When event ID 20101 is spotted it could be related to one of the following issues:

1. Incorrect configuration such as the 'Username attribute' used to query the username. By default all new LDAP configuration uses 'sAMAccountName' but 'cn' is also commonly used in this field. Do check with the respective LDAP admin regarding the correct query attribute for FortiAuthenticator.
2. Authenticated to the wrong third-party server. Do check the log message, especially the 'msg' field regarding the IP address that responded to the authentication request. If multiple authentication server is configured, focus on the log message with the correct remote authentication server IP address.