rcpdkc
Contributor II

Fortinac Mschap2 Connection

I have SSID verification on a FortiGate firewall with FortiNAC RADIUS. I have a problem like this: although there is MSCHAPv2 in the RADIUS settings, a user in the domain joins the network without any problems, while the user I created as a guest in the FortiNAC interface gets a "Credentials Invalid (MSCHAP2)" error. What is the reason for this?

 


1 Solution
ebilcari

There have been some recent changes regarding this request, and if you run the latest version of FNAC in 9.4 or 7.2, it is now possible.

The feature is disabled by default, but it can be enabled from the CLI by running the following command:

> globaloptiontool -name "localRadiusServer.mschapV2LocalUserAuth" -set true

(In case of FNAC-F first run # execute enter)

 

This will add a control in the Add/Edit user view (Under Additional Details) that can be enabled for specific users: "RADIUS - Local Password Validation (MSCHAPv2)"


- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.


11 REPLIES
AEK

It makes sense when you want to manage guests with FNAC. All companies don't have the same guest management. E.g., an airport and a bank don't manage guest access in the same way.

Some others do want full traceability for regulatory compliance or other security concerns, so they need to manage guests with FNAC, for example.

Now, as you talk about AD: in case you manage guests at the AD level (another way to manage guests), Winbind will do the job and your guest will gain WiFi access like other Corp users; then you will just need to create access policies on FNAC based on AD groups to put guests in the right network.

AEK
rcpdkc
Contributor II

Can I redirect from the captive portal to the fortinac portal and verify with the guest user login from here?
