Elena_Madrigal
New Member
August 11, 2017
Question

FortiGate fails to authenticate with RADIUS Aruba ClearPass


Hello Team

We have a FortiGate 1500D (with FortiWiFi), version 5.4.4. We are implementing a captive portal with external authentication against a ClearPass. We also have an SSID with WPA2 Enterprise with the same RADIUS server.

We added the ClearPass as a RADIUS server and the test result is successful. But when I put this RADIUS server as the authenticator of one SSID, the authentication fails, with both the captive portal and WPA2 Enterprise.

We have tried different methods, PAP, CHAP, MS-CHAPv2, etc., and it always fails.

When I put another server to authenticate, for example an LDAP server, the authentication works fine.

I have attached a debug capture with a test user.

 

What could be happening? Thanks!

Cheers.


Elena_Madrigal
New Member
August 17, 2017

Please, any ideas?

emnoc
New Member
August 17, 2017

1: Check the RADIUS secret.

2: Check if the RADIUS server is accessible (layer 3/4); use a packet capture.

3: Capture the accept or reject message; again, a packet capture.

4: Use a 3rd-party RADIUS test client to test the user, RADIUS secret, etc.

 

That's what I would do.

 

Ken
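
Steps 1 and 3 above can be checked offline once a reply is captured: per RFC 2865, a reply's Response Authenticator only verifies with the right shared secret, and a PAP password hidden with one secret decodes to garbage with another. This is an added example, not code from the thread; the secrets, packet ID and authenticator values are constructed.

```python
import hashlib
import hmac
import struct

def pap_hide(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, size, 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def pap_reveal(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """What the RADIUS server recovers from User-Password with its own secret."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")

def build_reply(code: int, ident: int, request_auth: bytes,
                secret: bytes, attrs: bytes = b"") -> bytes:
    """Constructed Access-Accept (2) / Access-Reject (3), as a server would sign it."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs

def reply_auth_ok(reply: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Verify MD5(Code+ID+Length+RequestAuth+Attributes+Secret) on a captured reply."""
    if len(reply) < 20:
        return False
    length = struct.unpack("!H", reply[2:4])[0]
    if length < 20 or length > len(reply):
        return False
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:length] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

if __name__ == "__main__":
    ra = bytes(range(16))                    # constructed Request Authenticator
    hidden = pap_hide(b"test-password", b"nas-secret", ra)
    print("server, same secret :", pap_reveal(hidden, b"nas-secret", ra))
    print("server, other secret:", pap_reveal(hidden, b"typo-secret", ra))
    reject = build_reply(3, 7, ra, b"typo-secret")
    print("reply verifies on NAS:", reply_auth_ok(reject, ra, b"nas-secret"))
```

The Request Authenticator comes from the matching Access-Request in the same capture (same packet ID).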

 

hawada
New Member
August 11, 2018

Hi Elena,

Is your Clearpass server also integrated with your Domain controller?

What is the error appearing on the Access Tracker?

 

First, integrate your CPPM server with FGT and test the connection between them with the below command:

# diagnose test authserver radius radius-srv pap <username> <password>

You must see a successful result.

 

After that, create your Enforcement profiles and Enforcement policies on ClearPass, then create a Service Rule and assign the rules in the attached image and check if it works.