FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
achu
Staff
Article Id 380006
Description

This article describes how to resolve the error message 'Login failure: the user has not been granted the requested login type at this computer' on a Windows Server machine that uses the FortiAuthenticator agent.

 

Image-1.png

 

Image-2.png

Scope

FortiAuthenticator.

Solution

In this setup, the FortiAuthenticator agent is installed on a Windows server to provide two-factor authentication. The user 'user8', who is a member of the group 'AD-Group1', has already been added to the Exempt Groups under the Exempt Users tab but is still unable to connect.

 

Exempt Users configuration:

 

image-3.png

 

Verify Group membership of user8:

 

Image-4.png

 

Based on the error message, the user or group might be in the 'Deny log on locally' list.

On the Windows server, open Local Security Policy and go to Security Settings -> Local Policies -> User Rights Assignment -> Deny log on locally -> select the group 'AD-Group1' -> Remove -> OK.

 

Image-5.png


Image-6.png

 

Image-7.png

 

After removing 'AD-Group1' from the denied list, user8 can log in without any issues.
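
The same check can be made from an elevated PowerShell prompt, before or after changing the policy. The script below is an added example, not part of the original article or of Fortinet tooling: it exports the server's user rights with secedit and reports which 'Deny log on locally' entries match the user or any of the user's groups. The UPN suffix is a placeholder and the temporary file name is an assumption; the server is assumed to be domain-joined.

```powershell
# Added example: report which 'Deny log on locally' entries apply to a user.
param(
    # Assumption: '<upn-suffix>' is a placeholder; pass the account's real UPN.
    [string]$UserPrincipalName = 'user8@<upn-suffix>'
)

# Export only the User Rights Assignment area of the current security policy.
$cfg = Join-Path $env:TEMP 'user-rights.inf'   # hypothetical temp file name
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

# 'Deny log on locally' is stored as SeDenyInteractiveLogonRight.
$line = Get-Content $cfg | Where-Object { $_ -match '^SeDenyInteractiveLogonRight\s*=' }
Remove-Item $cfg -ErrorAction SilentlyContinue
if (-not $line) {
    Write-Output "No accounts are assigned 'Deny log on locally'."
    return
}

# Entries are comma-separated: SIDs carry a leading '*', the rest are account names.
$denied = foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
    $entry = $entry.Trim()
    try {
        if ($entry.StartsWith('*')) {
            [System.Security.Principal.SecurityIdentifier]::new($entry.TrimStart('*')).Value
        } else {
            [System.Security.Principal.NTAccount]::new($entry).Translate([System.Security.Principal.SecurityIdentifier]).Value
        }
    } catch {
        Write-Warning "Could not resolve policy entry '$entry'"
    }
}

# Collect the user's own SID plus every group SID (nested groups included).
$identity = [System.Security.Principal.WindowsIdentity]::new($UserPrincipalName)
$userSids = @($identity.User.Value) + @($identity.Groups | ForEach-Object { $_.Value })

# Any overlap means the deny right blocks interactive logon for this user.
$hits = $denied | Where-Object { $userSids -contains $_ }
if ($hits) {
    foreach ($sid in $hits) {
        $name = try { [System.Security.Principal.SecurityIdentifier]::new($sid).Translate([System.Security.Principal.NTAccount]).Value } catch { $sid }
        Write-Output "DENIED via: $name ($sid)"
    }
} else {
    Write-Output "$UserPrincipalName is not covered by 'Deny log on locally'."
}
```

A deny right takes precedence over an allow right, so a match on any one group is enough to block the logon even when the user is exempt from two-factor authentication in the agent.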

 

Image-8.png

 

Image-9.png

 

FortiAuthenticator agent logs: 

 

2025-03-03 07:11:53,215 [4460|1068|INFO ] : [Credential.cpp:2065] Credential::GetSerialization: Processing login for TESTDNS\user8. Service is running
2025-03-03 07:11:53,215 [4460|1068|DEBUG] : [Credential.cpp:4285] Credential::CheckExemption for username: user8, domain: TESTDNS
2025-03-03 07:11:53,231 [2132| 26|DEBUG] TwoFactorAuthPlugin: Group exemption lookup skipped - no groups are exempt from 2FA
2025-03-03 07:11:53,231 [2132| 14|DEBUG] FAC_Agent.Service.Impl: Processing LoginRequest for: domain: TESTDNS, username: user8 in session: 5 reason: Login
2025-03-03 07:11:53,231 [2132| 14|DEBUG] TwoFactorAuthPlugin: Received domain: TESTDNS, username: user8
2025-03-03 07:11:53,231 [2132| 14|DEBUG] TwoFactorAuthPlugin: Attempting authentication for user8
2025-03-03 07:11:53,246 [2132| 14|DEBUG] TwoFactorAuthenticator: Authenticate input pars: subj name: FAC-VM0A12001111, host: 10.47.4.32:443, nretries: 3, timeout: 5, allow_on_fail: Allow, verifycert: False, certfile: C:\Program Files\Fortinet\fortinet_ca.crt, admin name: ftnt_user1, Preferred Server
2025-03-03 07:11:53,246 [2132| 14|DEBUG] RestAPI: Initializing RestApi hostname: FAC-VM0A12001111, host: 10.47.4.32:443, verifyCert: False, admin: ftnt_user1
2025-03-03 07:11:53,246 [2132| 41|DEBUG] RestAPI: Calling (REALMAUTH)
2025-03-03 07:11:53,309 [2132| 14|DEBUG] RestAPI: VerifyOTP for user user8 was successful: 200 OK
2025-03-03 07:11:53,309 [2132| 14|DEBUG] TwoFactorAuthenticator: Verification of user (user8) OTP successful: VerifyOTP for user user8 was successful: 200 OK
