FortiOS 6.0.1 Radius Wifi authentication
Hi all,
One of our customers has a FortiGate 100D running FortiOS 6.0.1, as well as several FortiAP antennas. We are experiencing problems with WPA2-Enterprise authentication using Radius on a Windows server (2008 R2).
This has worked before, so we suspect the issue was introduced with a recent upgrade to FortiOS 6.0.1.
The authentication used is MSCHAPv2.
No mobile device can connect to the SSID protected with WPA2-Enterprise. On a Windows 10 machine the wireless connection attempt, after providing username and password, simply says 'Unable to connect to this network'.
The Windows Event Viewer shows a security audit failure, stating that a request was attempted using PEAP, and the request is stopped at the connection request policy because the server doesn't understand it (The message received was unexpected or badly formatted):
Authentication Details:
Connection Request Policy Name: rsso-wifi
Network Policy Name: -
Authentication Provider: Windows
Authentication Server: FCDCS01.FC2.local
Authentication Type: PEAP
EAP Type: -
Account Session Identifier: 35424144433941352D3030303232374636
Logging Results: Accounting information was written to the local log file.
Reason Code: 266
Reason: The message received was unexpected or badly formatted.
Now when I try to execute a diag test authserver radius <servername> mschap2 <username> <password> from the firewall, the request is successful, and the event viewer shows a correct message granting access. The authentication type is correctly shown as MSCHAPv2:
Authentication Details:
Connection Request Policy Name: rsso-wifi
Network Policy Name: Connections to other access servers
Authentication Provider: Windows
Authentication Server: FCDCS01.FC2.local
Authentication Type: MS-CHAPv2
EAP Type: -
Account Session Identifier: 3462623464343239
Quarantine Information:
Result: Full Access
Extended-Result: -
Session Identifier: -
Help URL: -
System Health Validator Result(s): -
I suspect the FortiGate is not sending requests received from the mobile devices to the Radius server correctly. We couldn't find this particular problem in the release notes of versions 6.0.2 and 6.0.3, so we are not sure an upgrade would resolve this issue.
Does anybody have any further information or suggestion?
Thanks, much appreciated.
Jaap
Hello,
Did you ever figure out a solution to this issue?
Thank you,
Mike