Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Fabio
Contributor

FortiAuthenticator user disable before approve process

Hello, 

 I have a problem with disabling usernames that register on the Captive Portal create on my FortiAuthenticator.
After the registration but before approval by an Administrator, if the user tries to authenticate with the credentials they registered with, the FortiAuth disables the user and the link that comes (with email) to Administrator or sponsor generates an error and cannot be approved.
I have to go into management and reenable the user manualy.
Any ideas to avoid this?

 

Thank's

Fabio
Fabio
1 Solution
Fabio
Contributor

Fortinet support acknowledged it was a Bug and that it will be fixed in the next releas of FAC 6.6.1 GA. 

 

Fabio

View solution in original post

Fabio
8 REPLIES 8
Fabio
Contributor

Screenshot 2024-03-08 alle 08.59.44.png

Fabio
Fabio
ebilcari

I'm not sure but this may fall to the Lockouts policy, can you check what value is configured here:

lockout.PNG

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
Fabio

yes i have lockout policy but they have attempt 10 times

 

Screenshot 2024-03-08 alle 16.12.59.png

I don't think this is the problem because the lockeout timeout then after 60 seconds ends but in my case it remains disabled.

Fabio
Fabio
Fabio
Contributor

 i open a TAC

Fabio
Fabio
Fabio
Contributor

I tried to disable User Lockout Policy and the issue was not happened again.

Here is the Captive Portal locked screen when the user try to connect before the approval.

I hoper to find a bug that will be recovered with new release.

Captive Portal Locked.jpg

Fabio
Fabio
ebilcari

Thanks for sharing your findings. Since the behavior is easy reproducible I think the engineering team will identify it and offer a solution in the next release. You have to follow up with the TAC support team.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
dbu

Hi @Fabio ,
I think this behavior can be expected because user is still not active for use until the sponsor's approval is done. It makes sense also that link of the approval is not working anymore because that user is already disabled. 

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
Fabio
Contributor

Fortinet support acknowledged it was a Bug and that it will be fixed in the next releas of FAC 6.6.1 GA. 

 

Fabio
Fabio
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors