Technical Tip: How to login as remote RADIUS admin while Push notification is selected in FortiAuthenticator as RADIUS server
Description
This article describes how to log in as a remote RADIUS admin while the Push notification is selected in FortiAuthenticator as a RADIUS server.
Scope
FortiWeb, FortiAuthenticator 6.6.x.
Solution
In order to configure remote RADIUS administrators using FortiAuthenticator as a RADIUS server, see Technical Tip: How to configure FortiWeb Remote Radius Administrators using FortiAuthenticator as RADIUS server.
Step 1: Generally, if any remote RADIUS admin uses Two-factor authentication, a token code prompt appears. For example:
The token needs to be inserted manually.
Step 2: However, if the option 'trigger push without RADIUS challenge' is enabled, the access-challenge does not occur in the authentication process.
While keeping the option enabled, the FortiWeb remote RADIUS admin fails with the following error, and the token code option prompt does not appear.
The admin user needs to concatenate the password and OTP in the initial credential submissions in order to login as a remote RADIUS admin using two-factor authentication. For example:
- password+6 digit OTP -> password123456
Step 3: To see logs in the FortiAuthenticator RADIUS server:
- Open: http://<FAC_IP/debug/
- Select: RADIUS -> Authentication.
- Admin1 Test Authentication Negotiation is visible.
Related article: