Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Fabio
Contributor

Created on ‎03-08-2024 01:04 AM

FortiAuthenticator user disable before approve process

Hello, 

 I have a problem with disabling usernames that register on the Captive Portal create on my FortiAuthenticator.
After the registration but before approval by an Administrator, if the user tries to authenticate with the credentials they registered with, the FortiAuth disables the user and the link that comes (with email) to Administrator or sponsor generates an error and cannot be approved.
I have to go into management and reenable the user manualy.
Any ideas to avoid this?

 

Thank's

Fabio
Fabio
Labels:
1310
0 Kudos
1 Solution
Fabio
Contributor

Created on ‎04-10-2024 09:22 AM

Fortinet support acknowledged it was a Bug and that it will be fixed in the next releas of FAC 6.6.1 GA. 

 

Fabio

View solution in original post

Fabio
973
0 Kudos
8 REPLIES 8
Fabio
Contributor

Created on ‎03-08-2024 01:11 AM

Screenshot 2024-03-08 alle 08.59.44.png

Fabio
Fabio
1304
0 Kudos
ebilcari
Staff
Staff
In response to Fabio

Created on ‎03-08-2024 07:08 AM

I'm not sure but this may fall to the Lockouts policy, can you check what value is configured here:

lockout.PNG

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
1266
Fabio
Contributor
In response to ebilcari

Created on ‎03-08-2024 07:13 AM Edited on ‎03-08-2024 07:16 AM

yes i have lockout policy but they have attempt 10 times

 

Screenshot 2024-03-08 alle 16.12.59.png

I don't think this is the problem because the lockeout timeout then after 60 seconds ends but in my case it remains disabled.

Fabio
Fabio
1263
Fabio
Contributor

Created on ‎03-12-2024 02:07 AM

 i open a TAC

Fabio
Fabio
1227
0 Kudos
Fabio
Contributor

Created on ‎03-12-2024 04:20 AM

I tried to disable User Lockout Policy and the issue was not happened again.

Here is the Captive Portal locked screen when the user try to connect before the approval.

I hoper to find a bug that will be recovered with new release.

Captive Portal Locked.jpg

Fabio
Fabio
1216
ebilcari
Staff
Staff
In response to Fabio

Created on ‎03-12-2024 04:31 AM

Thanks for sharing your findings. Since the behavior is easy reproducible I think the engineering team will identify it and offer a solution in the next release. You have to follow up with the TAC support team.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
1210
0 Kudos
dbu
Staff
Staff
In response to Fabio

Created on ‎03-22-2024 03:24 PM

Hi @Fabio ,
I think this behavior can be expected because user is still not active for use until the sponsor's approval is done. It makes sense also that link of the approval is not working anymore because that user is already disabled. 

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
1131
0 Kudos
Fabio
Contributor

Created on ‎04-10-2024 09:22 AM

Fortinet support acknowledged it was a Bug and that it will be fixed in the next releas of FAC 6.6.1 GA. 

 

Fabio
Fabio
974
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.