I know this is not a Fortigate issue, but I'm posting here in hopes that someone has experienced the same problem.
I already made a post about this on the Technet forum over here:
Since it's not possible to describe my issue with multiple screenshots here, I'm just going to refer you to my Technet post.
Can anyone tell me why this is happening? Why would the NPS not send the group attribute (and apparently other attributes as well) when using code from authenticator?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
looking at your other post, does your setup have any full radius appliance involved or is it only NPS?
Are you getting the code input notification? it may well worth be trying to disable/enable the policy post changing the method from push to code in MFA before getting the user to test again.
[One of the client implementations had issues with NPS limitations being detected on how attributes could/were used for connection checks. Personally, i do not consider NPS as a proper radius but just a low-cost add on with usual MS package.Post issues/limitations with NPS, the client finally agreed to using a proper radius appliance which is now helping a lot.Troubleshooting with NPS was a nightmare.]
I am not contributing much to your issue, but just thought of sharing my experience.
Hi, it's only NPS I'm afraid. It works fine with code and app notification. The problem I have is when the user in Office/Azure is configured for code from app or SMS. Then the group attribute is not sent to the Fortigate and the authentication fails as the Fortigate doesn't know which group the user belongs to.
This may, as you say, be caused by RADIUS being poorly implemented. It could also be that the problem is how the Azure MFA plugin handles groups when using code authentication.
NPS can be challenging but have you looked at the logs and ran the "diag test authserver radius" from cli?
Ken Felix
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1692 | |
1087 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.