The following are some common RADIUS error codes that might occur when using a FortiGate with an added RADIUS server:
Access-Reject (Code 3).
- Description: The Access-Reject message is sent by the RADIUS server to deny access to a user.
- Possible Causes: Incorrect credentials, expired account, or user not found in the RADIUS server's database.
Access-Challenge (Code 11).
- Description: The Access-Challenge message is used by the RADIUS server to request additional information from the user during the authentication process.
- Possible Causes: Multi-factor authentication (MFA) requirements, user-specific challenges, or further identity verification.
Access-Accept (Code 2).
- Description: The Access-Accept message is sent by the RADIUS server to grant access to a user.
- Possible Causes: Successful authentication and authorization.
Accounting-Response (Code 5).
- Description: The Accounting-Response message is sent by the RADIUS server to acknowledge receipt of an accounting request.
- Possible Causes: Successful accounting data transmission.
Disconnect-Request (Code 40) and Disconnect-ACK (Code 41).
- Description: Disconnect-Request and Disconnect-ACK messages are used to terminate a session.
- Possible Causes: User or administrator-initiated session termination.
Access-Request (Code 1).
- Description: The Access-Request message is sent by the RADIUS client to the server to initiate the authentication process.
- Possible Causes: User attempting to authenticate.
Accounting-Request (Code 4).
- Description: The Accounting-Request message is sent by the RADIUS client to the server for accounting purposes.
- Possible Causes: Capturing usage data for accounting and billing purposes.
Disconnect-NAK (Code 42).
- Description: The Disconnect-NAK message is sent by the RADIUS server to reject the termination of a session.
- Possible Causes: Rejection of a session termination request due to various reasons, such as ongoing activity.
RADIUS Server Unreachable (Code 12).
- Description: The RADIUS Server Unreachable message is used when the RADIUS server cannot be reached by the client.
- Possible Causes: Network connectivity issues, RADIUS server down, or incorrect server configuration.
RADIUS Client Blocked (Code 44).
- Description: The RADIUS Client Blocked message indicates that the RADIUS client is blocked from accessing the server.
- Possible Causes: RADIUS server policies block the client due to unauthorized access attempts or other security reasons.
Missing-Attribute (Code 18).
- Description: The Missing-Attribute message is used to indicate that a mandatory attribute is missing in the RADIUS message.
- Possible Causes: Incomplete RADIUS message due to missing required attributes.
NAS-Identification-Error (Code 32).
- Description: The NAS-Identification-Error message is sent to indicate an issue with the Network Access Server (NAS) identification.
- Possible Causes: Incorrect or unrecognized NAS identification information.
Session-Context-Not-Found (Code 75).
- Description: The Session-Context-Not-Found message indicates that the requested session context could not be found.
- Possible Causes: Invalid or nonexistent session context identifier.
Unsupported-Extension (Code 23).
- Description: The Unsupported-Extension message is used to indicate that a requested extension is not supported by the RADIUS server.
- Possible Causes: Requested attributes or extensions that are not supported by the server.
Authorization-Update-Failure (Code 101).
- Description: The Authorization-Update-Failure message indicates a failure in updating authorization information.
- Possible Causes: Failed attempt to update authorization attributes during an ongoing session.
User-Identity-Unavailable (Code 200).
- Description: The User-Identity-Unavailable message indicates that the requested user identity is currently unavailable.
- Possible Causes: User identity information not available due to various reasons, such as misconfiguration or service unavailability.
Understanding these RADIUS error codes and their potential causes can aid network administrators in diagnosing and resolving authentication, authorization, and accounting issues efficiently.
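When troubleshooting from a packet capture, the code is the first byte of the RADIUS packet, followed by the Identifier, a two-byte Length, a 16-byte Authenticator and the attribute list. The following is an added example, not Fortinet code: it decodes that header, walks the attributes with length checks, and pairs a reply with its request by Identifier. The function names (`parse_radius`, `triage`, `build`) and the sample packets are assumptions constructed for illustration, and the code table covers only the packet types from the list above that RFC 2865, RFC 2866 and RFC 5176 define.

```python
import struct

# Packet types from the list above as defined in RFC 2865, RFC 2866 and RFC 5176.
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response", 11: "Access-Challenge",
         40: "Disconnect-Request", 41: "Disconnect-ACK", 42: "Disconnect-NAK"}
# A few attribute types useful when triaging (RFC 2865).
ATTRS = {1: "User-Name", 4: "NAS-IP-Address", 18: "Reply-Message", 32: "NAS-Identifier"}

def parse_radius(pkt: bytes) -> dict:
    """Decode the 20-byte RADIUS header and walk the attribute TLVs."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= 4096 or length > len(pkt):
        raise ValueError(f"bad Length field: {length}")
    attrs, pos = [], 20
    while pos < length:  # bytes past Length are padding and are ignored
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = pkt[pos], pkt[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError(f"attribute {a_type} has invalid length {a_len}")
        attrs.append((ATTRS.get(a_type, f"Attr-{a_type}"), pkt[pos + 2:pos + a_len]))
        pos += a_len
    return {"code": code, "name": CODES.get(code, f"Unknown-{code}"),
            "id": ident, "authenticator": pkt[4:20], "attrs": attrs}

def triage(request: bytes, reply: bytes) -> str:
    """Pair a reply with its request by Identifier and summarise the outcome."""
    req, rep = parse_radius(request), parse_radius(reply)
    if req["id"] != rep["id"]:
        return "reply does not match request (Identifier differs)"
    user = dict(req["attrs"]).get("User-Name", b"?").decode(errors="replace")
    msg = dict(rep["attrs"]).get("Reply-Message", b"").decode(errors="replace")
    return f"{user}: {rep['name']}" + (f" ({msg})" if msg else "")

def build(code, ident, attrs):
    """Build a constructed sample packet (zeroed authenticator, test use only)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

# Constructed sample exchange, not captured traffic.
REQ = build(1, 7, [(1, b"alice"), (32, b"fgt-lab")])
REJ = build(3, 7, [(18, b"Account expired")])

if __name__ == "__main__":
    print(triage(REQ, REJ))  # alice: Access-Reject (Account expired)
```

The parser does not verify the Response Authenticator, which requires the shared secret; it is meant for reading captures, not for deciding whether a reply is genuine.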