Hello
FortiWeb 6.3.9 and FortiAuthenticator 6.4.9.
My FWB is configured to authenticate admins (for admin access) via RADIUS authentication with FAC and it works just fine.
This issue comes when I want to use HTTP authentication, for users when they want to access some protected Web servers.
I configured like explained here:
https://docs.fortinet.com/index.php/document/fortiweb/6.3.9/administration-guide/467409
Now when a user tries to access a protected server, it shows HTTP authentication window, but when user enters correct username and password, FWB still returns error 401 (unauthorized), even if my FAC logs show the related authentication was successful.
For info on FWB's RADIUS config, when I test the authentication with the same credentials it works fine.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
RADIUS is still the method to connect authentication of networking devices to your domain. Move to WPA2-enterprise and have users login with domain creds. They instantly lose connectivity if their credentials are disabled / locked https://mobdro.bio/ .
This response is off topic.
When FortiWeb repeats HTTP 401, it simply means the authentication failed. Since you had confirmed that the authentication passed in the Fortiauthenticator, perhaps it is caused by timeout setting if it took more than 2 seconds for the FAC to response back.
You can check the explanations here:
a) Error 401:
https://help.fortinet.com/fweb/583/Content/FortiWeb/fortiweb-admin/offloading_http.htm
b) timeout issue:
https://docs.fortinet.com/index.php/document/fortiweb/6.3.9/administration-guide/467409
Regards
Patrick
Thanks for your response, Patrick.
Yes I confirm the authentication is successful. I also confirm there is no timeout because I enabled debug logs on FWB and the event logs show that the authentication is reported successful on FWB as well.
Any other idea?
As said, receiving 401 errors simply indicating the FWB still unable to authenticate the users successfully. Whether the FWB is waiting for a specific response from FAC or the received packet is not identifiable, you might want to initiate a TAC ticket to verify.
Regards
Patrick
Thanks Patrick
I'll follow your recommendation and initiate a ticket.
Meanwhile any other idea is welcome.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1669 | |
1082 | |
752 | |
446 | |
224 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.