Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
DineshKum
New Contributor

Permission denied.

We configured social media login from FortiAuthenticator (v5.5.0) to FortiGate (v7.2). However, the result is showing "permission denied." Below is the attached error for reference.denied_msg.png

9 REPLIES 9
dbu
Staff
Staff

Hi @DineshKum ,
It looks like your config is not done properly. There is no match for the defined portal rules. 
Which social login are you trying to configure ? Did you follow any guide ?

 

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
DineshKum
New Contributor

Hi @dbu 
We have been following the FortiAuthenticator cookbook located at https://docs.fortinet.com/document/fortiauthenticator/5.5.0/cookbook/975072/social-wifi-captive-port....

However, after following the instructions in the cookbook, we encountered the following error message:

"Permission denied. Accessing the guest portal without a login session."

Could you please review and provide guidance on resolving this issue?

 




Regards,
DINESHKUMAR A

DineshKum

I have attached the error message below.permission_denied.png

dbu

How is the Access Point configured on the  FortiAuthenticator as FQDN or IP ?  

How have you configured this setting under the Fortigate ? 
config firewall auth-portal
set portal-addr "portal.test.com"  <<< your portal FQDN/IP you can try with both 
end

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
DineshKum
New Contributor

Hi @dbu,

We're not using AP; instead, we're connected directly to the FGT port. The authentication portal has also been configured. Please find the attached configuration snapshot.

Regards,
DINESHKUMAR ACli_auth.pngFGT_Captive_portal.png

dbu

I believe the URL should be : https://192.168.5.70/portal  on the Fortigate.
You can verify it with the link under the Portal policies on the FortiAuthenticator 

 

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
dbu

Please note you need to match with the Access Point configured on the FortiAuthenticator as below : 
apportal.PNG

 

If you have specified FQDN on the Access Point than you need also to specify FQDN on the FortiGate

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
DineshKum
New Contributor

We are using version 5.5.0, and this option is not available in this version. In this version, only the guest option is mentioned. Here is the attached snapshot.guest_snap.png

 

 

dbu

I see, then it will be /guests. 
You might find some help with this article

Check the portal policy configuration and how you have configured the access point .

 

Key Configuration Points.

  • On the FortiGate, when external authentication Captive Portal is configured, the user authentication is performed on the external authentication device (e.g. FortiAuthenticator) not on the FortiGate.
  • When the 'External Authentication portal' is configured with FortiAuthenticator, FortiGate is required to be a RADIUS client of the FortiAuthenticator and a remote user group pointing towards the FortiAuthenticator (as RADIUS server) is required to be configured on the FortiGate.
  • On the FortiGate, the FortiAuthenticator and DNS servers (in the case where FQDN is configured on the 'External Authentication portal') are required to be exempted from the 'Captive Portal'.
  • On the FortiAuthenticator for 'Captive Portal' authentication 'Portal', 'Access Point' and 'Policy' are required to be configured. 'Access Point' is the IP address of the port on FortiGate where the 'Captive Portal' is enabled.
Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors