Unable to connect to my Radius Server. Test connectivity settings on Fortigate primary server fails
Created on 07-20-2023 09:31 PM Edited on 07-20-2023 09:31 PM
Try the command below:
diagnose test authserver radius "RADIUS SERVER" mschap2 username password
Server_name indicates the value of "name" field configured under FortiGate Radius Profile.
Also share the output of command "sh full-configuration user radius"
Can you collect diagnose sniffer output and then fnbamd debug as suggested in below article?
says the invalid RADIUS SERVER.
10.76.0.1 is my fortigate LAN IP and 10.76.12.15 is my Radius SERVER
Created on 07-26-2023 01:17 AM Edited on 07-26-2023 01:27 AM
FORTIWIFi60E (root) # sh full-configuration user radius
config user radius
edit "SYPHEIT_RADIUS_SERVER"
set server "10.76.12.15"
set secret ENC tPT9/T/WfKna7Hpk/fEB8eVOizejhnmtryjE6tgBBXEEBN/hKdX/465eA8CrCUYbMDMa8AAMct+uAARL1QlXs5apFgDIJHhL4bQ0XG4AsQQJxm+DMe/1Q6gq+jdM0KS9DWlM47wsKqvUCp6JqF0yUPkVLThtEl54yTsSJD4/GInb+QKMihaFrzTKGC1t9BK3WJw7gg==
set timeout 5
set all-usergroup disable
set use-management-vdom disable
set nas-ip 10.76.0.1
set acct-interim-interval 0
set radius-coa disable
set radius-port 0
set h3c-compatibility disable
set auth-type ms_chap_v2
set source-ip ''
set username-case-sensitive disable
unset group-override-attr-type
set password-renewal enable
set password-encoding auto
set acct-all-servers disable
set switch-controller-acct-fast-framedip-detect 2
set interface-select-method auto
unset switch-controller-service-type
set rsso disable
set secondary-server ''
set secondary-secret ENC RNYBLsbBR+caVJb5q6E7yDrB6z+Jl2MS8hTHYXXXin8ajcPfCW3jS1OU1Btu5SzN4qBlEY+kBMzpa+94qU2M4cXob381a/Oc/+xLENQjLReswgFvV/B54oi6GyXt0GQa07xrLBXUQFL1Rjbjv1BYH/lEzwY8lS9Q7pHcSfR1Efo17jkCR5k2RoRokSPDQPuBY/4tGQ==
set tertiary-server ''
set tertiary-secret ENC /1Jy+0dK9eWp+sI5TxKVZDtCCz7jPyveUVihpKtml6NW0CIFFXZUpnnlcY0wgkXEZNiJ/i6J7x9kUR7wRbD5xCqnZ4XEPeVMt+P/XKuA5cdyTbBkkg5C21FLa9/kbX9lh2XIAEPpOybYKei6rhR+3rEDInDxkM+eh5fKImVLjB6d9o3XlXERyJt8gmYGWbrr5BIlUg==
next
end
Please take the sniffer on ports 1813 and 1812 and attach it here.
Regards,
Created on 07-26-2023 01:42 AM Edited on 07-26-2023 01:56 AM
Do I need to check Radius accounting under Administrative access? Also, the command just hangs, with no output until I terminate it with Ctrl+C.
Created on 07-26-2023 02:04 AM Edited on 06-10-2024 12:21 AM
Thanks for the update.
Open two SSH sessions.
Please take the output of the below commands
# diagnose debug application fnbamd -1
# diagnose debug enable
In the second putty run the sniffer.
diagnose sniffer packet any "host x.x.x.x and (port 1812 or port 1813)" 6 0 a
where x.x.x.x is radius server IP
Please recreate the issue (test connectivity) while taking the logs.
After taking the logs please disable the debug command.
# diagnose debug disable
# diagnose debug reset
Regards,