Staff

Technical Tip: Authenticating local users with EAP‑PEAP protocol

Forum|Forum|30 days ago
May 18, 2026
0 replies
62 views

Description

This article describes the configuration steps required in FortiNAC to enable EAP‑PEAP authentication for local users.

Scope

FortiNAC.

Solution

The details of EAP-PEAP/MSCHAPv2 authentication are covered in Technical Tip: MSCHAPv2 authentication, join FortiNAC in domain and checks.

To achieve the same result with local users in FortiNAC, enable the feature by running the following commands in the CLI:

execute enter-shell
globaloptiontool -name "localRadiusServer.mschapV2LocalUserAuth" -set true

This will add a new control button to the Add/Edit user view (under Additional Details) that can be enabled for specific users: RADIUS -> Local Password Validation (MSCHAPv2).

Related articles:

Technical Tip: MSCHAPv2 authentication, join FortiNAC in domain and checks
Technical Tip: Comprehensive guide for a simple FortiNAC deployment
Technical Tip: FortiNAC RADIUS debug errors and solutions

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded