On and off SSLVPN configuration is wrong (-7200) at 48%

atravel · ‎08-18-2023

We get this message
"Message Remote LDAP user authentication(chap) with FortiToken failed: invalid password"

We also get intermittent
"Cannot add user from LDAP server because of this error: Failed to import user "" (rule: AD Sync), The username attribute cannot be retrieved"

akanibek · ‎08-19-2023

@atravel, could you tell us if your FAC is added to the Active directory as machine entity? And, if the option 'Use Windows AD Domain Auth' is enabled in the appropriate radius policy?

Below you can find article about these, and doc link.

https://community.fortinet.com/t5/FortiAuthenticator/Technical-Tip-Joining-FortiAuthenticator-in-the...

https://docs.fortinet.com/document/fortiauthenticator/6.0.3/administration-guide/641286/remote-authe...

Asset

atravel · ‎08-21-2023

Use Windows AD Domain Auth is not enabled.

akanibek · ‎08-21-2023

What device is acting as radius Client? Could you adjust on Radius Client auth. method to PAP, and test it? If it works, you can keep working with PAP method, otherwise you should configure options above.

Asset

atravel · ‎08-21-2023

Our FortiGate is radius Client.

atravel · ‎08-21-2023

Is this ok?

akanibek · ‎08-22-2023

Could you share the screen from Radius server configuration on Fortigate?

Asset

atravel · ‎08-22-2023

akanibek · ‎08-22-2023

Change please 'Authentication method' to Specify > PAP, and try to reproduce the issue.

Asset

atravel · ‎08-22-2023

I made the change and Im monitoring the logs to see if the error will reappear.

On and off SSLVPN configuration is wrong (-7200) at 48%

Nominate a Forum Post for Knowledge Article Creation