802.1x authentication failed: user not found

Forum|Forum|10 years ago
March 22, 2016
1 reply
15524 views

Hi

I am getting an issue when trying to authenticate a device using radius. I have exported the certificate for a user but according to logs they do not exist or cannot be found.

It seems to work perfectly for users synced across AD.

What am I missing?

Carl_Windsor_FTNT

Staff

You don't give enough detail such as where the failing user is stored (local DB?) and if they can authenticate without 802.1x e.g. directly via RADIUS auth. Without more details, I would start to debug as follows:

[ul]

Use a tool like NTRADPing to test RADIUS Auth

If this fails also, check that you have your realms correctly configured for the auth client you are authing from[/ul]

Also going to https://<FAC_IP>/debug/radius/ to look at the extended logs (enable "Enter Debug Mode" for verbose logging but remember to disable after use).

eshaq786Author

New Member

The failed user is a local user stored locally on the fortiauthenticator itself.

We have a remote sync rule to sync across users from AD and these seem to work without a problem. I wouldve though a user created locally would work far more easily.

The realm is setup for local users. The realm is also added to the radius clients but not as default. It is added as the second option.

I've gone into the logs but cannot see an option for enter debug mode.

Carl_Windsor_FTNT

Staff

>I've gone into the logs but cannot see an option for enter debug mode.

Sounds like you may be running an old build. Which version are you running?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded