Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jd653687
New Contributor III

Radius fortigate 100E v6.0.0 Authentication failed

Hi,

I have a Fortigate 100E with OS v 6.0.0 installed and setup radius with a windows 2012 server.

The radius server is found but when I test the credentials from the fortigate it failes with "Invalid credentials"

I have set this up before with an older OS version and that is working just fine. I checked all of the settings between these 2 configurations and they are the same. 

Any ideas why radius authentication is not working?

1 Solution
Eder_Lima1
New Contributor II

In this version, the FortiGate uses PAP (by default) for authentication tests from GUI.

If the server is configured with MS-CHAP-v2, then the tests must be performed through the CLI.

 

FGT_01# diagnose test authserver radius NPS mschap2 username password

 

 

NSE4, NSE5, NSE6, NSE7

CCNA R&S, CCNA Wireless, HCNA

View solution in original post

NSE4, NSE5, NSE6, NSE7 CCNA R&S, CCNA Wireless, HCNA
6 REPLIES 6
jd653687
New Contributor III

Seems that the test in the fortigate failes but when using the VPN it is authenticated. So small bug in test authentication.

neonbit
Valued Contributor

Out of curiosity, are you doing the test via the CLI or the GUI?

jd653687
New Contributor III

Using the GUI

emnoc
Esteemed Contributor III

Check the radius  logs or debug,I would  not rule out   pap/chap/auto for the authentication. By RADIUS-aaS service that I have setup is working btw.  So I would review the radius server  cfg and make sure no  new setting was applied.

 

ken

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Eder_Lima1
New Contributor II

In this version, the FortiGate uses PAP (by default) for authentication tests from GUI.

If the server is configured with MS-CHAP-v2, then the tests must be performed through the CLI.

 

FGT_01# diagnose test authserver radius NPS mschap2 username password

 

 

NSE4, NSE5, NSE6, NSE7

CCNA R&S, CCNA Wireless, HCNA

NSE4, NSE5, NSE6, NSE7 CCNA R&S, CCNA Wireless, HCNA
bascheew
New Contributor III

I am seeing the same thing on 6.0.4.  The test in the GUI fails, but it works in the CLI.  Thanks @Eder_Lima

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors