Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
atravel
New Contributor III

Created on ‎08-18-2023 12:14 PM

On and off SSLVPN configuration is wrong (-7200) at 48%

We get this message 
"Message Remote LDAP user authentication(chap) with FortiToken failed: invalid password" 

We also get intermittent
"Cannot add user from LDAP server because of this error: Failed to import user "" (rule: AD Sync), The username attribute cannot be retrieved" 

1395
0 Kudos
9 REPLIES 9
akanibek
Staff
Staff

Created on ‎08-19-2023 01:50 AM Edited on ‎08-19-2023 02:21 AM

 
 
 
 

ForumUpdateFAC.png

 

@atravel, could you tell us if your FAC is added to the Active directory as machine entity? And, if the option 'Use Windows AD Domain Auth' is enabled in the appropriate radius policy? 

 

Below you can find article about these, and doc link.

 

https://community.fortinet.com/t5/FortiAuthenticator/Technical-Tip-Joining-FortiAuthenticator-in-the...

 

https://docs.fortinet.com/document/fortiauthenticator/6.0.3/administration-guide/641286/remote-authe...

 

 

 

Asset
1366
atravel
New Contributor III

Created on ‎08-21-2023 06:08 AM

Use Windows AD Domain Auth is not enabled. 1sslerror.JPG

1330
0 Kudos
akanibek
Staff
Staff

Created on ‎08-21-2023 06:32 AM

What device is acting as radius Client? Could you adjust on Radius Client auth. method to PAP, and test it? If it works, you can keep working with PAP method, otherwise you should configure options above.

Asset
1324
0 Kudos
atravel
New Contributor III
In response to akanibek

Created on ‎08-21-2023 07:47 AM

Our FortiGate is radius Client. 

1312
0 Kudos
atravel
New Contributor III

Created on ‎08-21-2023 08:02 AM

Is this ok?2sslerror.JPG

1305
0 Kudos
akanibek
Staff
Staff

Created on ‎08-22-2023 03:47 AM

Could you share the screen from Radius server configuration on Fortigate? 

 

Asset
1273
0 Kudos
atravel
New Contributor III

Created on ‎08-22-2023 05:57 AM Edited on ‎08-22-2023 05:58 AM

3sslerror.JPG

1265
0 Kudos
akanibek
Staff
Staff
In response to atravel

Created on ‎08-22-2023 08:38 AM

Change please 'Authentication method' to Specify > PAP, and try to reproduce the issue.

 

Asset
1249
atravel
New Contributor III
In response to akanibek

Created on ‎08-22-2023 11:46 AM

I made the change and Im monitoring the logs to see if the error will reappear. 

1238
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.