Invalid secret RADIUS Fortigate/fortiauthenticator
Hello,
I have a problem with the RADIUS connection between my FortiGate and my FortiAuthenticator.
Last night the security team updated the FortiGate to version 7.4.5; since then, users can no longer connect via VPN.
When I go to the configuration I get this message:
I checked the secrets carefully and they are identical, so I don't understand. The FortiGate and the FortiAuthenticator communicate well with each other, however.
Do you have any ideas?
Thanks
Labels: FortiAuthenticator, FortiGate, RADIUS
Hi @rbenoit ,
Could you please upgrade your FAC to version 6.6.2 if it is on an older version? An enhancement was made in version 7.4.5 of FortiOS as a fix for CVE-2024-3596, and FAC should be on 6.6.2 or above to support this change. If you need more details, you may open a support case.
Best Regards,
San
You got me going in the right direction man, thank you! I'm running 7.2.10 and per this bulletin: https://help.duo.com/s/article/9012?language=en_US
I added this attribute to radius server config and boom!
[radius_server_auto]
<snip>
force_message_authenticator=true
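The force_message_authenticator setting above concerns the RADIUS Message-Authenticator attribute (type 80, RFC 2869/3579), an HMAC-MD5 over the packet keyed with the shared secret. As an added example (not code from this thread, Fortinet or Duo), this Python check classifies a captured RADIUS reply by whether that attribute is present and valid; check_response and build_response are hypothetical names, and the secret, request authenticator and packet are constructed sample values.

```python
import hashlib
import hmac
import struct

MESSAGE_AUTHENTICATOR = 80  # attribute type, RFC 2869 / RFC 3579


def check_response(response: bytes, request_auth: bytes, secret: bytes) -> str:
    """Return 'valid', 'missing', 'invalid' or 'malformed' for a RADIUS reply."""
    if len(response) < 20 or len(request_auth) != 16:
        return "malformed"
    length = struct.unpack("!H", response[2:4])[0]
    if length < 20 or length > len(response):
        return "malformed"
    packet = bytearray(response[:length])
    packet[4:20] = request_auth  # the HMAC covers the request's authenticator
    pos, received = 20, None
    while pos < length:
        attr_len = packet[pos + 1] if pos + 2 <= length else 0
        if attr_len < 2 or pos + attr_len > length:
            return "malformed"
        if packet[pos] == MESSAGE_AUTHENTICATOR:
            if attr_len != 18:
                return "malformed"
            received = bytes(packet[pos + 2:pos + 18])
            packet[pos + 2:pos + 18] = bytes(16)  # value is zeroed while hashing
        pos += attr_len
    if received is None:
        return "missing"
    expected = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return "valid" if hmac.compare_digest(received, expected) else "invalid"


def build_response(request_auth: bytes, secret: bytes, with_ma: bool = True) -> bytes:
    """Constructed Access-Accept (code 2, id 7) used only as sample input."""
    attrs = bytearray(b"\x12\x04ok")  # Reply-Message "ok"
    if with_ma:
        attrs = bytearray([MESSAGE_AUTHENTICATOR, 18]) + bytes(16) + attrs
    header = struct.pack("!BBH", 2, 7, 20 + len(attrs))
    if with_ma:
        attrs[2:18] = hmac.new(secret, header + request_auth + attrs, hashlib.md5).digest()
    response_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + response_auth + bytes(attrs)


if __name__ == "__main__":
    req_auth, secret = bytes(range(16)), b"constructed-secret"  # constructed values
    for label, ma in (("with attribute", True), ("without attribute", False)):
        print(label, "->", check_response(build_response(req_auth, secret, ma), req_auth, secret))
```

A reply classified as "missing" means the server did not send the attribute at all, which is a different condition from "invalid", where the attribute is present but does not match the shared secret.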
I've contacted Duo support and they said unfortunately the new CVE requirements are not yet compatible with the Duo Authentication Proxy. They've escalated the case to developers. They said my options now were to reach out to Fortigate to disable the new requirement or revert to the previous firmware; I could also use Duo SSO rather than RADIUS. I'm waiting for a call from Fortigate.
I went through the Duo SSO for Fortigate setup article yesterday and got it working for myself but others received errors when trying to connect. The SSO / SAML setup also requires a change on the client (checking the SSO box). I wanted to avoid having to change all of the clients, so I ended up just removing the RADIUS Duo Auth Proxy Remote Group and went back to just authenticating with an AD group for the Duo SSL VPN group on the FortiGate for the time being until I can get SSO working. I really wish Duo would fix the Auth Proxy, but I seriously doubt they will.
I didn't want to rush into configuring Duo SSO, so we reverted to 7.4.4 and the VPN is working now. We'll either configure Duo SSO or see if Duo has a fix for the Duo Authenticator Proxy. Thanks.
Hi,
Please refer to this KB: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-RADIUS-authentication-failure-after-...
APAC TAC
Put me in the ME TOO category.
Hi,
Same here...
I had a support ticket because of issues with VPN firewall rules.
They told us to upgrade the FTG to 7.4.5... and now I discover that RADIUS is no longer working with Duo??
Very interesting, does support know about the ongoing issues when they advise someone to upgrade their FTG? Because if they did know that, I hope they wouldn't tell us to upgrade, as now the VPN is no longer working at all...
We have been using Forti for 6 months now (after Zyxel), and to be honest, there are a lot, I mean A LOT of issues... this is really not nice to work with you guys... There are always issues with your firmware. We upgrade to fix an issue and TADA, a new issue now.