Technical Tip: Authentication issues may occur due to RADIUS auth-type mismatch after firmware upgrade to v7.4.8

If a RADIUS configuration is present on the FortiGate, and it needs to push the 802.1x profile to the FortiSwitch using the radius group.
After upgrading the FortiGate to v7.4.8, the RADIUS auth type and secret key on FortiSwitch are mismatched.

Change the auth-type on FortiGate:

60F (1) # show
config user radius
    edit "1"
        set server "10.56.241.172"
        set secret ENC k4HQf8yw/DTMF0/ee2w8aNOog4cnzfKXctCahB3NZ1JoNp2L1nvML5Wq9MBWe

7YyIU/n4Om7z3c8Wk8Xq4OxLkyOyiQIufbHrqHcUwwPRpVg9eUjCg3yqHChUo4YZGjfVhy

016zodEHhN3hkpK8IZtNSktc+OyuJ1MHc8iwsqSHMP/jgHDJRhfIFLDhr2e+0iDE/KVlmMjY3dkVA
        set auth-type pap
    next
end
60F (1) # set auth-type ms_chap_v2 <----- Change to ms_chap_v2.

60F (1) # end

Run the debug on the FortiGate:

60F # diagnose debug application flcfgd -1
Debug messages will be on for 30 minutes.
"name":"1",
    "q_origin_key":"1",
    "server":"10.56.241.172",
    "secret":"ENC DEtzTJhW5N8VfSAHBxV\/c8ZSBP9EAasuCe+YSjVmWJsKEkWa3KVibOeXU+h2Pnlcf3ctBRVBrHrUy4

SKeytT4i+0L7aWCkobNzfo2zoGdz3Q2tsKKsatNhFrVqazoR7DVrW9PT1\/D9ZuIX
TVXUgzFjS+IsN8ukarBWFV59EPPZ1x0Tl2",
    "secondary-server":"",
    "secondary-secret":"ENC VAL6QGL4MAChCLIPnEDWPkUgvL\/HRFoRo96OE0JBgF+\/zDPnhdOvUAmWgrQrVhXNudmM5

DiyGwDmrWXK3y2kuvkwA+UslujT3ZTXMtrjv1id2fF7mksCHWsl4TDhnsvmRSZG
ro+wkS3C3+6xLaGzZ56GEU5DOHD3Zmjl32ieR6m2gasL",
    "all-usergroup":"disable",
    "nas-ip":"0.0.0.0",
    "nas-ip6":"::",
    "acct-interim-interval":600,
    "acct-fast-framedip-detect":2,
    "frame-mtu-size":1500,
    "service-type":"",
    "radius-port":1812,
    "auth-type":"ms_chap", <----- Should be ms_chap_v2.
    "addr-mode":"ipv4",
    "source-ip":"0.0.0.0",
    "source-ip6":"::",
    "link-monitor":"disable",
    "link-monitor-interval":15,
    "radius-coa":"disable",
    "radius-coa-secret":"ENC Ty8f4xbf3e0tfSrhv4J3vUGJMGymK\/s6HZDxT0iCmRKma\/45MRzS+JA0aHOEtZBn+vEwyoeN

\/u5K9AJFXsh\/qAwzMxpllsS3O3o30ifLZ6HGomlLiLY6fWEyo8xuhxTwL
cLXwOeVL\/+stf9NACVWLeY4NH7muho1c++FRUVTCSu\/D02y",
    "acct-server":[
    ]
  },

Run the debug on the FortiSwitch:

S108FPTV24007759 # diagnose debug cli 8
S108FPTV24007759 # diagnose debug enzip config file /data/./config/sys_vd_root.conf.gz success!
0: config user radius
0: edit "1"
0: set auth-type ms_chap <----- FortiSwitch received ms_chap config from FortiGate.
0: end
open file 10 to write config
write config file success, prepare to save in flash
zip config file /data/./config/sys_vd_root.conf.gz success!

This issue has been resolved in:
v7.6.5 (available to download from the Fortinet Support portal). Refer to bug ID 1208846 in the Resolved issues
v8.0.0 (scheduled to be released in April 2026).
These timelines for firmware release are estimated and may be subject to change.

The workaround is to change the RADIUS setting on the FortiSwitch manually.