Good day.
I am not able to get any local user I create in any local group I create to authenticate to the firewall for VPN access. I am trying to connect with FortiClient 4.MR3 Patch3 software and I have tried the latest 5.0.6 FortiClient as well, to no avail. I am running a FortiGate 200B running 4.0MR3 Patch 6 code. I have tried it with patch 15, 14, and 12 as well, to no avail. I am on 6 right now because I have another 200B deployed with the same code level and it works fine. I have re-imaged and it does not work, and the configuration of the firewall appears to be accurate.
Here is the log from the diag debug I ran while trying to authenticate. Also, at the bottom is a test verifying that the user does authenticate, which succeeds. Any help would be appreciated because I am stumped. Thank you!
[72:root]main.c:538 s: 0x418ac800 event: 0x18
[72:root]Destroy sconn 0x418ac800, connSize=0.
[72:root]SSL state:before/accept initialization (18.168.24.123)
[72:root]SSL state:SSLv3 read client hello A (18.168.24.123)
[72:root]SSL state:SSLv3 write server hello A (18.168.24.123)
[72:root]SSL state:SSLv3 write certificate A (18.168.24.123)
[72:root]SSL state:SSLv3 write server done A (18.168.24.123)
[72:root]SSL state:SSLv3 flush data (18.168.24.123)
[72:root]SSL state:SSLv3 read client certificate A:system lib(18.168.24.123)
[72:root]SSL state:SSLv3 read client certificate A:system lib(18.168.24.123)
[72:root]SSL state:SSLv3 read client key exchange A (18.168.24.123)
[72:root]SSL state:SSLv3 read finished A (18.168.24.123)
[72:root]SSL state:SSLv3 write change cipher spec A (18.168.24.123)
[72:root]SSL state:SSLv3 write finished B (18.168.24.123)
[72:root]SSL state:SSLv3 flush data (18.168.24.123)
[72:root]SSL state:SSL negotiation finished successfully (18.168.24.123)
[72:root]SSL established: TLSv1 AES256-SHA
[72:root]rmt_authutil.c:330 no session id in auth info
[72:root]rmt_authutil.c:566 invalid cache, ret=4103
[72:root]two factor check for testuser: off
[72:root]sslvpn_auth_check_policy:2215
[72:root]policy_match_check:1733 checking policy 16 for incoming policy
[72:root]policy_match_check:1737 checking policy cipher setting
[72:root]policy_match_check:1742 checking oif admin access
[72:root]policy_match_check:1748 checking policy local username
[72:root]rmt_apsession.c:895 check = 0
[72:root]policy_match_check:1733 checking policy 17 for incoming policy
[72:root]policy_match_check:1737 checking policy cipher setting
[72:root]policy_match_check:1742 checking oif admin access
[72:root]policy_match_check:1748 checking policy local username
[72:root]rmt_apsession.c:895 check = 0
[72:root]policy_match_check:1779 address matched: 1 idns: 0
[72:root]policy_match_check:1785 return 0
[72:root]sslvpn_authenticate_user:124 authenticate user: testuser
[72:root]sslvpn_authenticate_user:130 create fam state
[72:root]sslvpn_auth_check_policy:2215
[72:root]policy_match_check:1785 return 1
[72:root]sslvpn_authenticate_user:124 authenticate user: testuser
[72:root]rmt_logincheck.c:246 user[testuser],auth_type=32768 failed [no_matching_policy]
[72:root]rmt_websession.c:61 status=1;host=18.168.24.123;fails=1;logintime=1385757749
[72:root]File does not exist: /migadmin/remote/index.
[72:root]rmt_authutil.c:330 no session id in auth info
[72:root]rmt_authutil.c:512 access failed, uri=[/remote/fortisslvpn],ret=4103
[72:root]rmt_authutil.c:330 no session id in auth info
[72:root]rmt_authutil.c:566 invalid cache, ret=4103
diag test authserver local SSLVPN_Group testuser pizza123
authenticate user ' testuser' in group ' SSLVPN_Group' succeeded
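
As an added example that is not part of the original post: a small Python triage helper for the `diag debug` output format shown above. It groups lines by their bracketed prefix and extracts the negotiated TLS parameters, the policy IDs checked, the `policy_match_check` return values and the `rmt_logincheck` failure reason. The sample is constructed from lines in the post; the function name `summarize` and the result field names are hypothetical.

```python
import re

# Constructed sample: a subset of the debug lines quoted in the post above.
SAMPLE = """\
[72:root]SSL established: TLSv1 AES256-SHA
[72:root]two factor check for testuser: off
[72:root]policy_match_check:1733 checking policy 16 for incoming policy
[72:root]policy_match_check:1733 checking policy 17 for incoming policy
[72:root]policy_match_check:1785 return 0
[72:root]policy_match_check:1785 return 1
[72:root]rmt_logincheck.c:246 user[testuser],auth_type=32768 failed [no_matching_policy]
[72:root]rmt_authutil.c:512 access failed, uri=[/remote/fortisslvpn],ret=4103
"""

# The post does not say what the two prefix fields mean; they are used
# here only as a grouping key (assumption: one key per debug context).
LINE = re.compile(r"^\[(\d+):([^\]]+)\](.*)$")
POLICY = re.compile(r"policy_match_check:\d+ checking policy (\d+) for incoming policy")
RETURN = re.compile(r"policy_match_check:\d+ return (-?\d+)")
FAILED = re.compile(r"rmt_logincheck\.c:\d+ user\[([^\]]*)\],auth_type=(\d+) failed \[([^\]]+)\]")
TLS = re.compile(r"SSL established: (\S+) (\S+)")

def summarize(text):
    """Return {(id, name): summary} with the fields useful for login triage."""
    out = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip CLI commands and other non-debug lines
        s = out.setdefault((int(m.group(1)), m.group(2)),
                           {"tls": None, "policies": [], "returns": [], "failures": []})
        body = m.group(3)
        if (t := TLS.search(body)):
            s["tls"] = (t.group(1), t.group(2))
        elif (p := POLICY.search(body)):
            pid = int(p.group(1))
            if pid not in s["policies"]:  # keep first-seen order, no repeats
                s["policies"].append(pid)
        elif (r := RETURN.search(body)):
            s["returns"].append(int(r.group(1)))
        elif (f := FAILED.search(body)):
            s["failures"].append({"user": f.group(1), "auth_type": int(f.group(2)),
                                  "reason": f.group(3)})
    return out

if __name__ == "__main__":
    for key, summary in summarize(SAMPLE).items():
        print(key, summary)
```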