Troubleshooting Tip: FortiAuthenticator Cloud (formerly FortiTrust Identity) as RADIUS server ignoring RADIUS requests

When RADIUS authentication against FortiAuthenticator Cloud fails, and the RADIUS log (accessible under https://<FortiAuthenticator_Cloud_URL>/debug) shows the following error:

2026-03-26T06:51:58.520861-07:00 FortiAuthenticator radiusd[20221]: ... new connection request on TCP socket
2026-03-26T06:51:58.520898-07:00 FortiAuthenticator radiusd[20221]: Ignoring request to auth proto tcp address * port 2083 (TLS) bound to server default from unknown client 10.100.100.165 port 59554 proto tcp

The issue is usually that the incoming IP does not match any of the configured RADIUS clients.

The RADIUS client under Authentication -> RADIUS Service -> Clients needs to be altered to reflect the proper client address. In this example, that is 10.100.100.165.

Note: RADIUS authentication may fail, and debug logs do not show any output. In this case, enable debug mode as outlined here: Troubleshooting Tip: How to debug the RADIUS service on FortiAuthenticator for troubleshooting purposes. After enabling debug mode, attempt RADIUS authentication, wait for it to fail, and then check the debug logs again. 

To test RADIUS  authentication from the FortiGate command line:

diagnose test authserver radius <RADIUS server> pap <username> <password>

As an example:

diagnose test authserver radius FACCLD pap test Fortinet2026!

FortiGate should show the following output:

authenticate 'usrfaccld' against 'pap' succeeded, server=primary assigned_rad_session_id=57127530127368 session_timeout=0 secs idle_timeout=0 sec

If it does, authentication is successful.