starking9b
New Member
October 1, 2018
Question

Cannot access RADIUS server from FortiGate

  • October 1, 2018
  • 2 replies
  • 25733 views

I am trying to set up authentication using a FreeRADIUS server with a FortiGate. I can ping between the FortiGate and the Ubuntu machine that FreeRADIUS runs on, but when I try to add the RADIUS server from the USER, Devices section, the server cannot be reached, and no request comes to FreeRADIUS from the FortiGate. I don't know why that is: I can ping but cannot reach the RADIUS server.

2 replies

Toshi_Esumi
SuperUser
October 1, 2018

I don't know where you're looking to see the error. But you can check RADIUS connectivity in the GUI: User & Device -> RADIUS Servers -> edit "server_name" and use the "Test Connectivity" button. When you hit it and enter the username/passwd of one of the users, you should see the RADIUS request and then the reply (UDP 1812 on the server side) in "diag sniffer packet any 'host SERVER_IP' 4" like below:

19.058198 lan out 192.168.1.254.3949 -> 172.16.1.1.1812: udp 52
20.060076 lan in 172.16.1.11.1812 -> 192.168.1.254.3949: udp 20

If you don't see them, something is wrong with the RADIUS config on the FGT. Not much to configure though: server IP, secret pass, and nas-ip generally.

emnoc
New Member
October 1, 2018

I would check the logs on the RADIUS server and client. If the secret is wrong, or the service port is wrongly defined, or if the system is set for DTLS-TLS, these will generate almost no response back to the RADIUS client. You can dump packet captures to see the RADIUS accept/reject messages.
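
Added example (not part of the thread, and not Fortinet or FreeRADIUS code): why a shared-secret mismatch shows up as "no response". Under RFC 2865 the server signs each reply with its copy of the secret, and a client discards any reply whose Response Authenticator does not verify, so the connectivity test times out even though packets flow. The secrets, user name, password and fixed Request Authenticator below are constructed for the demo.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2

def _attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """User-Password hiding from RFC 2865 section 5.2 (MD5 keystream XOR)."""
    padded = password.ljust(-(-max(len(password), 1) // 16) * 16, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(ident, authenticator, user, password, secret, nas_ip):
    """Access-Request with User-Name (1), User-Password (2), NAS-IP-Address (4)."""
    attrs = (_attr(1, user.encode())
             + _attr(2, hide_password(password.encode(), secret, authenticator))
             + _attr(4, bytes(map(int, nas_ip.split(".")))))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def build_reply(code, ident, request_auth, secret, attrs=b""):
    """Server side: sign the reply with the server's copy of the secret."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + request_auth + attrs + secret).digest() + attrs

def reply_is_valid(reply, request, secret):
    """Client side: MD5(Code+ID+Length+RequestAuth+Attributes+Secret) must match."""
    if len(reply) < 20 or reply[1] != request[1]:
        return False
    length = struct.unpack("!H", reply[2:4])[0]
    if not 20 <= length <= len(reply):
        return False
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:length] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

def demo():
    # Constructed values; a real client uses 16 random bytes as Request Authenticator.
    req_auth = bytes(range(16))
    request = build_access_request(7, req_auth, "alice1", "pw", b"fgt-secret", "192.168.1.254")
    good = build_reply(ACCESS_ACCEPT, 7, req_auth, b"fgt-secret")
    bad = build_reply(ACCESS_ACCEPT, 7, req_auth, b"other-secret")  # mismatched secret
    return (len(request), len(good),
            reply_is_valid(good, request, b"fgt-secret"), reply_is_valid(bad, request, b"fgt-secret"))
```

A reply with no attributes is exactly 20 bytes (header plus authenticator), and this constructed request is 52 bytes; only the reply signed with the matching secret passes the check.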

MdMan85
New Member
October 1, 2018

Are you doing this over VPN?

gagandeeps
Staff
September 17, 2024

If a server is available behind VLANs, make sure to add source-ip as that actual interface or LAN IP, not VLAN IP.