Help
FortiNAC-F
FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.
Hatibi
Staff & Editor
Staff & Editor

Created on ‎07-24-2025 06:40 AM

Article Id 403414

Troubleshooting Tip: Resolve RADIUS Access-Rejects with Error 'No Winbind Domain'

Description This article describes the required RADIUS configuration options when clients are rejected with the error 'Access-reject-event: No Winbind Domain'.
Scope FortiNAC-F.
Solution

The Winbind feature is required when administrators want to implement the eap-Mschapv2 authentication method.

When either a single or multiple winbind instances are configured, the following errors might be logged in RADIUS activity events:

 

Figure 1. Activity events showing Access-Rejects with reason "No Winbind Domain".Figure 1. Activity events showing Access-Rejects with reason "No Winbind Domain".

 

In such cases, the Winbind service is enabled and FortiNAC is domain joined, but the RADIUS configuration in use might not have Winbind Domains enabled or the specific domain may not be selected for authentication.

To solve the issue, go to Network -> RADIUS -> Virtual Servers and select the specific RADIUS configuration. Enable 'Winbind Domains'.

 

Figure 2. Allowing all Winbind Domains in the "DefaultConfig" Radius ConfigurationFigure 2. Allowing all Winbind Domains in the "DefaultConfig" Radius Configuration

 

Related articles:
95
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.