Unable to connect to my Radius Server. Test connectivity settings on Fortigate primary server fails
Labels: FortiGate, FortiGate v5.4
Created on 07-20-2023 09:31 PM Edited on 07-20-2023 09:31 PM
Try with the below command:
diagnose test authserver radius "RADIUS SERVER" mschap2 username password
Server_name indicates the value of the "name" field configured under the FortiGate Radius Profile.
Also share the output of the command "sh full-configuration user radius".
Can you collect diagnose sniffer output and then fnbamd debug as suggested in below article?
Suraj
says the invalid RADIUS SERVER.
10.76.0.1 is my FortiGate LAN IP and 10.76.12.15 is my Radius SERVER.
Created on 07-26-2023 01:17 AM Edited on 07-26-2023 01:27 AM
FORTIWIFi60E (root) # sh full-configuration user radius
config user radius
edit "SYPHEIT_RADIUS_SERVER"
set server "10.76.12.15"
set secret ENC tPT9/T/WfKna7Hpk/fEB8eVOizejhnmtryjE6tgBBXEEBN/hKdX/465eA8CrCUYbMDMa8AAMct+uAARL1QlXs5apFgDIJHhL4bQ0XG4AsQQJxm+DMe/1Q6gq+jdM0KS9DWlM47wsKqvUCp6JqF0yUPkVLThtEl54yTsSJD4/GInb+QKMihaFrzTKGC1t9BK3WJw7gg==
set timeout 5
set all-usergroup disable
set use-management-vdom disable
set nas-ip 10.76.0.1
set acct-interim-interval 0
set radius-coa disable
set radius-port 0
set h3c-compatibility disable
set auth-type ms_chap_v2
set source-ip ''
set username-case-sensitive disable
unset group-override-attr-type
set password-renewal enable
set password-encoding auto
set acct-all-servers disable
set switch-controller-acct-fast-framedip-detect 2
set interface-select-method auto
unset switch-controller-service-type
set rsso disable
set secondary-server ''
set secondary-secret ENC RNYBLsbBR+caVJb5q6E7yDrB6z+Jl2MS8hTHYXXXin8ajcPfCW3jS1OU1Btu5SzN4qBlEY+kBMzpa+94qU2M4cXob381a/Oc/+xLENQjLReswgFvV/B54oi6GyXt0GQa07xrLBXUQFL1Rjbjv1BYH/lEzwY8lS9Q7pHcSfR1Efo17jkCR5k2RoRokSPDQPuBY/4tGQ==
set tertiary-server ''
set tertiary-secret ENC /1Jy+0dK9eWp+sI5TxKVZDtCCz7jPyveUVihpKtml6NW0CIFFXZUpnnlcY0wgkXEZNiJ/i6J7x9kUR7wRbD5xCqnZ4XEPeVMt+P/XKuA5cdyTbBkkg5C21FLa9/kbX9lh2XIAEPpOybYKei6rhR+3rEDInDxkM+eh5fKImVLjB6d9o3XlXERyJt8gmYGWbrr5BIlUg==
next
end
Please take the sniffer on ports 1813 and 1812 and attach it here.
Regards,
Created on 07-26-2023 01:42 AM Edited on 07-26-2023 01:56 AM
Do I need to check Radius accounting under Administrative access? Also, the command just hangs, with no output until I terminate it with Ctrl-C.
Created on 07-26-2023 02:04 AM Edited on 06-10-2024 12:21 AM
Thanks for the update.
Open two SSH sessions.
Please take the output of the below commands:
# diagnose debug application fnbamd -1
# diagnose debug enable
In the second PuTTY session, run the sniffer:
diagnose sniffer packet any "host x.x.x.x and (port 1812 or port 1813)" 6 0 a
where x.x.x.x is the RADIUS server IP.
Please recreate the issue (test connectivity) while taking the logs.
After taking the logs please disable the debug command.
# diagnose debug disable
# diagnose debug reset
Regards,
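
Added example, not part of any post in this thread: a small Python helper that reads saved sniffer output from the capture step above and reports whether RADIUS requests left the FortiGate and whether the server answered. The one-line-per-packet layout and the sample lines are assumptions constructed for illustration; the addresses are the ones given in the thread.

```python
import re

# Constructed sample (not from the thread) in the assumed sniffer layout:
#   "<time> <iface> <in|out> <src>.<sport> -> <dst>.<dport>: udp <len>"
# Three requests 5 s apart mirror "set timeout 5" retries; no reply arrives.
SAMPLE = """\
2023-07-26 01:50:01.100000 internal out 10.76.0.1.4242 -> 10.76.12.15.1812: udp 142
2023-07-26 01:50:06.100000 internal out 10.76.0.1.4242 -> 10.76.12.15.1812: udp 142
2023-07-26 01:50:11.100000 internal out 10.76.0.1.4242 -> 10.76.12.15.1812: udp 142
"""

IP = r"(\d+(?:\.\d+){3})"
PKT = re.compile(rf"(\S+) (in|out) {IP}\.(\d+) -> {IP}\.(\d+): udp (\d+)")


def triage(capture, server, ports=(1812, 1813)):
    """Count RADIUS packets to and from `server` and suggest where to look next."""
    requests = replies = 0
    for _iface, _dir, src, sport, dst, dport, _len in PKT.findall(capture):
        if dst == server and int(dport) in ports:
            requests += 1      # FortiGate -> RADIUS server
        elif src == server and int(sport) in ports:
            replies += 1       # RADIUS server -> FortiGate
    if requests == 0:
        verdict = "no request seen: check the sniffer filter, server IP and routing"
    elif replies == 0:
        # RFC 2865: a server silently discards requests from a client it has
        # no shared secret for, so an unregistered NAS looks like a timeout.
        verdict = ("requests sent, no reply: server unreachable, UDP filtered, "
                   "or the FortiGate source IP is not a known RADIUS client")
    else:
        verdict = "server replies: read the fnbamd debug for the accept/reject reason"
    return requests, replies, verdict


if __name__ == "__main__":
    print(triage(SAMPLE, "10.76.12.15"))
```
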
