Help
FortiAuthenticator
FortiAuthenticator provides access management and single sign on.
kiri
Staff
Staff

Created on ‎01-31-2023 08:45 AM

Article Id 244459

Troubleshooting Tip: Fix 'The AP of portal policy X does not contain client X' error

Description

This article describes how to fix the 'The AP of portal policy X does not contain client X' error seen in the radius auth debug of a captive portal.
Scope Fortiauthenticator 6.X
Solution

Example error:

 

...

(6053109) facauth: ===>Username:portaluser
(6053109) facauth: ===>Timestamp:1674203108.829552, age:0ms
(6053109) facauth: ERROR: The AP of portal policy 20 does not contain client fgt.bogusinc.local
(6053109) Invalid user (facauth: The AP of portal policy 20 does not contain client fgt.bogusinc.local :( [portaluser] (from client localhost port 20)
(6053109) # Executing group from file /usr/etc/raddb/sites-enabled/default
(6053109) Sent Access-Reject Id 254 from 127.0.0.1:1812 to 127.0.0.1:49841 length 20

...

 

This displays because the auth request is coming from an unknown AP. In this case, fgt.bogusinc.local.


The IP of this AP has most likely already been configured on the portal policy, but the configuration does not match the exact source seen in the debug example.


To fix the issue, configure an AP with an FQDN instead, and add it to the captive portal policy as below:

 

fac1.jpg

 

fac2.jpg
218
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.