Troubleshooting Tip: Resolve RADIUS Access-Rejects with Error 'No Winbind Domain'

The Winbind feature is required when administrators want to implement the eap-Mschapv2 authentication method.

When either a single or multiple Winbind instances are configured, the following errors might be logged in RADIUS activity events:

Figure 1. Activity events showing Access-Rejects with reason "No Winbind Domain".

In such cases, the Winbind service is enabled and FortiNAC is domain joined, but the RADIUS configuration in use might not have Winbind Domains enabled, or the specific domain may not be selected for authentication.

To solve the issue, go to Network -> RADIUS -> Virtual Servers and select the specific RADIUS configuration. Enable 'Winbind Domains'.

Figure 2. Allowing all Winbind Domains in the "DefaultConfig" Radius Configuration

Related articles:

• Technical Tip: MSCHAPv2 authentication, join FortiNAC in domain and checks
• Technical Tip: Create an additional Winbind instance for a second domain
• Troubleshooting Tip: No Winbind domain match issue when Multiple Domains are in use