Description | This article describes why FortiGate Radius authentication may fail with Microsoft NPS as a Radius server. |
Scope |
FortiGate. |
Solution |
The setup is as follows:
user: test password: ä12345
When trying to use accented characters as above in the password, the authentication fails.
[1329] __fnbamd_rad_send-Sent radius req to server 'Rad_server': fd=14, IP=10.10.1.193(10.10.1.193:1812) code=1 id=17 len=181 user="test" using MS-CHAPv2
This is a limitation for the Microsoft NPS where accented characters if used in passwords will lead to this limitation. The same occurs with symbols like the euro €.
Explained here: https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-best-practices
Note: If using Microsoft NPS with FortiGate as a Radius server, it is advised to not use any accented characters or special symbols in the password. Strictly use Symbols and punctuation of ISO-8859-1 |