Troubleshooting Tip: Error in FortiClient SSL VPN using FortiAuthenticator 'unable to logon to server username or password might not be configured properly (-12)'
Description
This article describes the causes behind the error show in the below image when a user tries to log in to FortiClient SSL VPN. A solution is provided.
In this scenario, FortiAuthenticator acts as a RADIUS server for FortiGate to perform the authentication.
Scope
FortiAuthenticator, FortiClient, FortiGate.
Solution
Make sure that the group name defined in the FortiGate matches the Radius Attribute Value in the FortiAuthenticator user group as depicted in the following images.
In the above image, note that the group name is 'TAC' and that, under RADIUS Attributes -> Fortinet-Group-name, the value is ‘sslvpn’.
Similarly, define the group name as 'sslvpn' in the FortiGate as well under User & Authentication -> User Groups.
From FortiOS v7.4.0, it is possible to check user group information under the SSL VPN monitor. Refer to this FortiGate documentation section for more information.