mle2802
Staff
Article Id 280255
Description

This article describes how to use pre-Windows 2000 logon for remote authentication.

Scope

FortiGate.
Solution

In some scenarios, clients want to use the pre-Windows 2000 logon format ('domain\username') for remote authentication such as SSL VPN. In this case, it is necessary to use a RADIUS server instead of an LDAP server.

For more information about LDAP and RADIUS configuration, refer to these articles:


Technical Tip: How to configure FortiGate to use an LDAP server 
Technical Tip: Configuring FortiGate and Microsoft NPS (Radius with AD authentication) 

When authenticating with the LDAP server using 'domain\username', the login fails:

2023-10-21 09:54:12 [209] fnbamd_comm_send_result-Sending result 1 (nid 0) for req 642979061, len=2540

2023-10-21 09:54:12 [2701:root:c]fam_auth_proc_resp:1358 fnbam_auth_update_result return: 1 (invalue username/password)

2023-10-21 09:54:12 [2701:root:c][fam_auth_proc_resp:1457] Authenticated groups (1) by FNBAM with auth_type (16):

2023-10-21 09:54:12 [2701:root:c]Received: auth_rsp_data.grp_list[0] = 492825600

2023-10-21 09:54:12 [2701:root:c]login_failed:404 user[domain\username],auth_type=16 failed [sslvpn_login_permission_denied]

2023-10-21 09:54:12 [2701:root:c]Transfer-Encoding n/a

2023-10-21 09:54:12 [2701:root:c]Content-Length 237

2023-10-21 09:54:12 [2701:root:c]2023-10-21 09:54:12 [792] destroy_auth_session-delete session 642979061

2023-10-21 09:54:12 [755] __ldap_destroy-

When authenticating with the RADIUS server using 'domain\username', the login succeeds:

2023-10-21 09:56:02 [1454] fnbamd_auth_handle_radius_result-->Result for radius svr 'Test' 10.10.10.5(1) is 0

2023-10-21 09:56:02 [1616] fnbam_user_auth_group_match-req id: 642979063, server: Test, local auth: 0, dn match: 0

2023-10-21 09:56:02 [1585] __group_match-Group 'RADIUS' passed group matching

2023-10-21 09:56:02 [1588] __group_match-Add matched group 'RADIUS'(5)

2023-10-21 09:56:02 [277] find_matched_usr_grps-Passed group matching

2023-10-21 09:56:02 [209] fnbamd_comm_send_result-Sending result 0 (nid 0) for req 642979063, len=2595

2023-10-21 09:56:02 [2701:root:10]fam_auth_proc_resp:1358 fnbam_auth_update_result return: 0 (success)

2023-10-21 09:56:02 [2701:root:10][fam_auth_proc_resp:1457] Authenticated groups (1) by FNBAM with auth_type (2):

2023-10-21 09:56:02 [2701:root:10]2023-10-21 09:56:02 [792] destroy_auth_session-delete session 642979063

Received: auth_rsp_data.grp_list[0] = 5

2023-10-21 09:56:02 [2701:root:10]fam_auth_proc_resp:1482 found node RADIUS:0:, valid:1, auth:0

2023-10-21 09:56:02 [2701:root:10]Validated: auth_rsp_data.grp_list[0] = RADIUS

2023-10-21 09:56:02 [2701:root:10]Auth successful for user domain\username in group RADIUS
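
Added example (not Fortinet code and not part of the original article): a small Python triage script that correlates the debug lines shown above by their session tag and reports, for each login, which backend answered and whether the 'domain\username' login succeeded. The mapping of auth_type 16 to LDAP and 2 to RADIUS is an assumption inferred from the two captures, and the function and field names are illustrative.

```python
import re

# Constructed sample: four lines taken from the article's two captures.
SAMPLE = r"""
2023-10-21 09:54:12 [2701:root:c][fam_auth_proc_resp:1457] Authenticated groups (1) by FNBAM with auth_type (16):
2023-10-21 09:54:12 [2701:root:c]login_failed:404 user[domain\username],auth_type=16 failed [sslvpn_login_permission_denied]
2023-10-21 09:56:02 [2701:root:10][fam_auth_proc_resp:1457] Authenticated groups (1) by FNBAM with auth_type (2):
2023-10-21 09:56:02 [2701:root:10]Auth successful for user domain\username in group RADIUS
"""

# Assumption: 16 = LDAP and 2 = RADIUS, inferred from the article's two captures.
AUTH_TYPES = {16: "LDAP", 2: "RADIUS"}

SESSION = re.compile(r"\[(\d+:[^:\]]+:[0-9a-f]+)\]")      # e.g. [2701:root:c]
AUTH_TYPE = re.compile(r"auth_type[ =]\(?(\d+)\)?")
FAILED = re.compile(r"login_failed:\d+ user\[(?P<user>[^\]]+)\],"
                    r"auth_type=\d+ failed \[(?P<detail>[^\]]+)\]")
OK = re.compile(r"Auth successful for user (?P<user>\S+) in group (?P<detail>\S+)")


def summarize(text):
    """Return one record per SSL VPN login outcome found in the debug text."""
    auth_type_by_session = {}  # session tag -> last auth_type seen for it
    results = []
    for line in text.splitlines():
        tag = SESSION.search(line)
        if not tag:
            continue
        # The success line carries no auth_type, so remember it per session tag.
        seen = AUTH_TYPE.search(line)
        if seen:
            auth_type_by_session[tag.group(1)] = int(seen.group(1))
        m = FAILED.search(line) or OK.search(line)
        if not m:
            continue
        code = auth_type_by_session.get(tag.group(1))
        results.append({
            "user": m.group("user"),
            "backend": AUTH_TYPES.get(code, f"auth_type {code}"),
            "success": m.re is OK,
            "detail": m.group("detail"),  # failure reason, or matched group
            "pre_win2000_name": "\\" in m.group("user"),  # DOMAIN\user form
        })
    return results


if __name__ == "__main__":
    for record in summarize(SAMPLE):
        print(record)
```

A record with backend LDAP, success False and pre_win2000_name True corresponds to the failure case this article describes, where the user group should point to a RADIUS server instead.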