|Description||This article describes how to resolve an authentication failure issue using a Radius server as remote authentication in FortiManager/FortiAnalyzer. Debugging shows the error 'recv failed: timeout', followed by 'auth result: denied'.|
|Scope||FortiAnalyzer, FortiManager, Radius Server.|
Before taking the steps in this article, confirm that there is no configuration issue on both sides by verifying configuration details. For example, successfully log in using the same user credentials on FortiGate.
To troubleshoot configuration, refer to the following article:
Enable the debug command in the CLI:
# diag debug application auth 255
# diag debug timestamp enable
# diag debug enable
Attempt another login.
The expected debug output with this error is as follows:
2023-03-31 16:19:29 s23: auth request: user=user1 from=GUI(x.x.x.x)
Note that the timeout occurs after 5 seconds:
2023-03-31 16:19:29 s23:test: send request: type=pap id=8
The currently default logic for the timeout is that it occurs after 10 seconds for the entire login process. If a secondary server is configured, there is a 5 second timeout for each server. The error covered by this article primarily occurs due to a premature timeout, which can be fixed by increasing the timeout period.
To increase the request timeout period, configure the following global settings in the CLI:
# config system global
set remoteauthtimeout <integer value>
Afterwards, the connection should succeed and the debug output will appear similar to the following:
2023-03-31 16:33:01 s25: auth request: user=user1 from=GUI(x.x.x.x)