Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rbenoit
New Contributor

Invalid secret RADIUS Fortigate/fortiauthenticator

Hello,

I have a problem with the Radius connection my Fortigate and my fortiauthenticator.

Last night the security team updated Fortigate to version 7.4.5 since users can no longer connect via VPN.

When I go to configuration I get this message

 

 

image.png

I checked the secret carefully and they are identical so I don't understand. The fortigate and the fortiauthenticator communicate well with each other however.

Do you have any ideas?


Thanks

 

Rémy
Rémy
1 Solution
saneeshpv_FTNT

Hi @rbenoit ,

 

Could you please upgrade your FAC to version 6.6.2 if it is Older version as we have an some enhancement made with version 7.4.5 of FortiOS as a fix for the CVE-2024-3596 and FAC should be on 6.6.2 or above to support this change. If you need more details, you may open a support case.

 

 

Best Regards,
San

View solution in original post

16 REPLIES 16
saneeshpv_FTNT

Hi @rbenoit ,

 

Could you please upgrade your FAC to version 6.6.2 if it is Older version as we have an some enhancement made with version 7.4.5 of FortiOS as a fix for the CVE-2024-3596 and FAC should be on 6.6.2 or above to support this change. If you need more details, you may open a support case.

 

 

Best Regards,
San

Hatibi
Staff
Staff

Try creating a new RADIUS user. Delete this one and simply create a new one by re-entering the Secret key.


Check in CLI if it still fails and verify debugs:

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-test-FortiGate-s-radius-user/...

CDGBS
New Contributor

Thank you, it worked for me.

Regards

Fireball6
New Contributor II

I'm having the same issue but using Duo proxy.  Ran validation tool on Duo Proxy and it has no connectivity problems.  Users even receive the Duo push when trying to connect via SSL VPN and then it just drops.

vbandha
Staff
Staff

Hello @rbenoit 

Please check this notice for the changes in FortiOS 7.4.5 that may be causing the issue:

https://docs.fortinet.com/document/fortigate/7.4.5/fortios-release-notes/5880/radius-vulnerability


Regards,

Varun

Fireball6
New Contributor II

That makes sense.  I just need to figure out how to edit the Duo Authenticator Proxy Manager and test it.  Thank you so much for your help!

JNTULLIS

Hi.  I'm using Duo Auth Proxy too.  Did you find a solution for the RADIUS issue?

jbrown
New Contributor

I am having this same problem.  I created the user per the instructions and now THAT says it can't connect to the server. 

vbandha

Hi @jbrown 

Have you enabled 'Message-Authenticator' attribute on Radius Server?

 

Regards,

Varun

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors