APAC_Beta_FTNT
Staff
May 22, 2010

Troubleshooting Tip : FortiGate "Invalid Digest" error message when trying to authenticate against a RADIUS server

Description
While troubleshooting an authentication problem against a RADIUS server, the FortiGate may report an "Invalid Digest" error message.

This message can be seen after enabling the following debug from the FortiGate CLI: "diagnose debug application fnbamd -1"

Example:

fnbamd_radius.c[989] fnbamd_radius_auth_validate_pkt-Invalid digest
fnbamd_auth.c[1255] fnbamd_auth_handle_result-Error validating radius rsp
fnbamd_fsm.c[1224] handle_auth_rsp-Error (5) for req 1329463296
fnbamd_fsm.c[1303] handle_auth_timeout_with_retry-Session timeout, retry
fnbamd_radius.c[789] fnbamd_radius_auth_send-Sent radius req to 192.168.97.15: code=1 id=68 len=140 user="ssl" using MS-CHAPv2


The output of the authentication daemon shows that an Invalid Digest was detected. The Authenticator field in the RADIUS response would appear to be incorrect.


Solution
This is caused by a wrong shared secret (secret key) between the FortiGate and the RADIUS server: the two sides are not configured with the same value.