Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fnspit
New Contributor

NPS RADIUS accounting not forwarding to Fortinet FSSO – always logs to local file instead

Hi all,

I'm trying to get RADIUS accounting packets from a Windows Server NPS (RADIUS) to be forwarded to a Fortinet FSSO Collector, but I'm stuck.

Here's my setup:

  • NPS is authenticating 802.1X Wi-Fi logins using PEAP/EAP-MSCHAPv2.

  • Accounting forwarding is enabled in the Connection Request Policy (CRP) – the option “Forward accounting requests to this remote RADIUS server group” is checked.

  • The Remote RADIUS Server Group points to the FSSO Collector (IP: 10.81.0.36, port: 1813, shared secret OK).

  • In the FSSO collector itself, RADIUS accounting is enabled, listens on 1813, and matches the shared secret.

  • Wireshark confirms that UDP packets on port 1813 are never sent.

  • Every time a user authenticates, NPS logs this in Event Viewer with:pgsqlKopírovaťUpraviťLogging Results: Accounting information was written to the local log file.

What I’ve tried so far:

  • Recreated the CRP from scratch with minimal conditions (NAS port type only).

  • Made sure CRP is at the top of the policy list and is being hit (confirmed via Event Viewer: Connection Request Policy Name: TEST-FSSO).

  • Verified that the Remote RADIUS Server Group has the collector defined with the correct IP, port, and secret.

  • Checked that the “Forward network access server start and stop notifications to this server” option is enabled in the server properties.

  • Restarted the IAS service and verified every change step-by-step.

Still, no accounting packets are being sent to FSSO – NPS always falls back to local log files.

I understand that NPS only generates and forwards accounting when the CRP handles authentication on the local server. But in my case, NPS does perform authentication, and I have no proxy or upstream RADIUS involved.

Is there something I’m missing? Could global accounting settings or a hidden conflict with log file configuration be causing this fallback behavior?

2 REPLIES 2
tbarua
Staff
Staff

Hi , 

Have you enabled radius accounting server in FortiGate? 

You can check Following KBs for cross check  your configuration: 

 

Configure Fortinet Single Sign On (FSSO) ... - Fortinet Community

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-ensure-FortiGate-sends-RADIUS-Accou...

 

Kind regards

Tuli
Freak-On-Silicon
New Contributor II

Hi,

Have you managed to get that working?
I have the exact same problem.

Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors