Problem with authentication on Fortiauthenticator using fortitoken

GiuseppeMarra · ‎09-09-2021

Good morning,

i have a problem with fortitoken and fortiauthenticator.

One user, when he's trying to connect in vpn, he's receiving the errore "Permission denied -455".

We have fortiauthenticator and fortitoken for access the vpn; after he put the password on forticlient, it takes too long to request fortitoken and it seems to go in timeout.

I tried to remove fortitoken authentication for this user and he's able to connect to the vpn.

I tried to remove token and give him another fortitoken without success. I also tried to uninstall forticlient and reinstall but not worked.

The fortitoken mobile app is updated.

Any ideas?

Thank you in advance.

abelio · ‎09-10-2021

Hello Giuseppe

A lot of information is still lacking to avoid a long thread of query/answers

- Can we assume that this is the only user with this 2FA problem and others are working well?

- If not, did you activate the associated token to this user?

(in doubt, could you share the screen with token-based authentication screen for this user? obfuscate Token serial number if you prefer

- check logs in order to see 'invalid token' when your user attempt to authenticate.

If so:

check drift between token and FAC

If both are not well synchronized, maybe the user is using an old PIN

regards

/ Abel

xsilver_FTNT · ‎09-10-2021

Hi,

I would focus on config and 'diag debug fnbamd 7' outputs when debug is enabled.

One of the cases where we have seen similar problem was when 2FA (any of the token variations) was enabled on user but there was same username in RADIUS and also LDAP backend which was configured in FortiOS 6.2 prior fixed version 6.2.6.

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

Problem with authentication on Fortiauthenticator using fortitoken

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website