Help
FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
rarora
Staff
Staff

Created on ‎01-19-2021 10:41 PM Edited on ‎07-27-2023 05:58 AM By Moderator

Article Id 195874

Troubleshooting Tip: Error in FortiClient SSL VPN using FortiAuthenticator 'unable to logon to server username or password might not be configured properly (-12)'

Description


This article describes the causes behind the error show in the below image when a user tries to log in to FortiClient SSL VPN. A solution is provided.

 

In this scenario, FortiAuthenticator acts as a RADIUS server for FortiGate to perform the authentication.

 

Scope

 

FortiAuthenticator, FortiClient, FortiGate.

 

Solution

 

Make sure that the group name defined in the FortiGate matches the Radius Attribute Value in the FortiAuthenticator user group as depicted in the following images.

matanaskovic_0-1637276388668.png

 

In the above image, note that the group name is 'TAC' and that, under RADIUS Attributes -> Fortinet-Group-name, the value is ‘sslvpn’.

 

 

matanaskovic_1-1637276388678.png

 

Similarly, define the group name as 'sslvpn' in the FortiGate as well under User & Authentication -> User Groups.

 

From FortiOS v7.4.0, it is possible to check user group information under the SSL VPN monitor. Refer to this FortiGate documentation section for more information.

 

Related document:
23760
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.