Description | This article describes why FortiGate Radius authentication may fail with Microsoft NPS as Radius server. |
Scope |
Fortigate |
Solution |
The setup is as follow:
1. FortiGate is configured as Radius Client. 2. Microsoft NPS is configured as a Radius server. 3. Following details are being used to log in:
user: test password: ä12345
When trying to use accented characters as above in the password, the authentication fails.
[1329] __fnbamd_rad_send-Sent radius req to server 'Rad_server': fd=14, IP=10.10.1.193(10.10.1.193:1812) code=1 id=17 len=181 user="test" using MS-CHAPv2
This is a limitation for the Microsoft NPS where accented characters if used in passwords will lead to this limitation.
Explained here: https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-best-practices
Note: If using Microsoft NPS with FortiGate as Radius server, it is advised to not use any accented characters in the password.
|
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.