Help
FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
ManpreetSingh
Staff
Staff

Created on ‎11-28-2024 02:44 AM

Article Id 360842

Troubleshooting tip: RADIUS Authentication Failure on FortiAuthenticator When NTLM v1 is Disabled on LDAP Server

Description This article describes a solution to resolve the issue of RADIUS authentication failure, when NTLM v1 is disabled on a Windows Server (LDAP server), RADIUS authentication may fail between FortiGate and FortiAuthenticator and LDAP server.
Scope FortiGate, FortiAuthenticator.
Solution

When NTLM v1 is disabled, and the RADIUS protocol on FortiGate radius settings is set as MSCHAPv2, the authentication will fail because MSCHAPV2 uses NTLM v1. 

 

In the topology below, a FortiClient user connecting to FortiGate and FortiGate is using FortiAuthenticator as a RADIUS server for user authentication and FortiAuthenticator is authenticating the users stored on the LDAP server. 

 

image.png

 

 Following config changes are required on FortiGate:

  • Navigate to User & Authentication -> RADIUS server -> Select the RADIUS Server.
  • Ensure the Authentication Protocol is set to Default.

 

image.png

 

Related document:

VPN connections fail when using MS-CHAPv2
888
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.