| Description | This article describes how to perform basic debugging via FortiNAC GUI for Local Radius Server, in order to verify if the processes are working as expected or to provide TAC support with additional debug information at the beginning of a ticket. |
| Scope | |
| Solution |
In 9.2.2 there is an enhanced GUI view for troubleshooting Local Radius in FortiNAC. Both RADIUS service and FortiNAC server debug can be enabled independently.
To check if Radius Service is running properly or not, which is a good starting place for authentication and service startup failures.
- Select Network -> RADIUS -> Local Service (no.1).
-On the Local Radius Service status in the right from the drop-down menu(no.4), select Service Status .
-If service is not running properly, it is possible to check the debugging logs in the right for any hints or indications for the failure
To check Radius Server logs which is useful when authentication succeeds up to the post-auth phase where FortiNAC does post-auth processing and can diagnose why FortiNAC returns deny, incorrect VLAN or filter ID, or wrong/missing response value data.
- Turn on Debug & Troubleshooting (no.1).
- Define verbosity level : high, medium, low (no.2).
- Enable FortiNAC server debug related to local RADIUS access processing. Debug outputs will be displayed in the right under Local Service tab. Select from the drop-down Service Status > Server Log. (no.3 and no.7).
- For specific filtering on MAC address, it is possible to specify via no.4 or no.6. - For added information regarding the network access policy applied, you can turn it on (no.5).
If the FortiNAC is joined to Active Directory for MSCHAPv2 authentication, then the local radius winbind process can be checked via GUI too.
- Got to Network -> RADIUS -> Winbind (no.1 and no.4).
-Check if it is running and domain is joined (no.2 and no.3).
 |
|
|
Related Articles :
https://docs.fortinet.com/document/fortinac/9.2.0/administration-guide/450544/local-radius-server
|
