Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
JOSIAH_BOZIAH
New Contributor III

Created on ‎07-20-2023 01:38 AM

Unable to connect to my Radius Server . Test connectivity settings on Fortigate primary server fails

Unable to connect to my Radius Server . Test connectivity settings on Fortigate primary server fails

Labels:
3933
0 Kudos
1 Solution
RBA
Staff
Staff
In response to JOSIAH_BOZIAH

Created on ‎07-20-2023 09:31 PM Edited on ‎07-20-2023 09:31 PM

Try with below command

diagnose test authserver radius "RADIUS SERVER" mschap2 username password

 

Server_name indicates the value of "name" field configured under FortiGate Radius Profile.

Also share the output of command "sh full-configuration user radius"

View solution in original post

3877
8 REPLIES 8
srajeswaran
Staff
Staff

Created on ‎07-20-2023 01:54 AM

Can you collect diagnose sniffer output and then fnbamd debug as suggested in below article?

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Radius-authentication-troubleshooting/ta-p...

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
3926
JOSIAH_BOZIAH
New Contributor III

Created on ‎07-20-2023 07:54 PM

radius.JPG

says the invalid RADIUS SERVER.radius2.JPG

10.76.0.1 is my fortigate LAN IP and 10.76.12.15 is my Radius SERVER

3886
0 Kudos
RBA
Staff
Staff
In response to JOSIAH_BOZIAH

Created on ‎07-20-2023 09:31 PM Edited on ‎07-20-2023 09:31 PM

Try with below command

diagnose test authserver radius "RADIUS SERVER" mschap2 username password

 

Server_name indicates the value of "name" field configured under FortiGate Radius Profile.

Also share the output of command "sh full-configuration user radius"

3878
JOSIAH_BOZIAH
New Contributor III
In response to RBA

Created on ‎07-26-2023 01:17 AM Edited on ‎07-26-2023 01:27 AM

tempsnip1.png

3804
0 Kudos
JOSIAH_BOZIAH
New Contributor III
In response to RBA

Created on ‎07-26-2023 01:58 AM

FORTIWIFi60E (root) # sh full-configuration user radius
config user radius
edit "SYPHEIT_RADIUS_SERVER"
set server "10.76.12.15"
set secret ENC tPT9/T/WfKna7Hpk/fEB8eVOizejhnmtryjE6tgBBXEEBN/hKdX/465eA8CrCUYbMDMa8AAMct+uAARL1QlXs5apFgDIJHhL4bQ0XG4AsQQJxm+DMe/1Q6gq+jdM0KS9DWlM47wsKqvUCp6JqF0yUPkVLThtEl54yTsSJD4/GInb+QKMihaFrzTKGC1t9BK3WJw7gg==
set timeout 5
set all-usergroup disable
set use-management-vdom disable
set nas-ip 10.76.0.1
set acct-interim-interval 0
set radius-coa disable
set radius-port 0
set h3c-compatibility disable
set auth-type ms_chap_v2
set source-ip ''
set username-case-sensitive disable
unset group-override-attr-type
set password-renewal enable
set password-encoding auto
set acct-all-servers disable
set switch-controller-acct-fast-framedip-detect 2
set interface-select-method auto
unset switch-controller-service-type
set rsso disable
set secondary-server ''
set secondary-secret ENC RNYBLsbBR+caVJb5q6E7yDrB6z+Jl2MS8hTHYXXXin8ajcPfCW3jS1OU1Btu5SzN4qBlEY+kBMzpa+94qU2M4cXob381a/Oc/+xLENQjLReswgFvV/B54oi6GyXt0GQa07xrLBXUQFL1Rjbjv1BYH/lEzwY8lS9Q7pHcSfR1Efo17jkCR5k2RoRokSPDQPuBY/4tGQ==
set tertiary-server ''
set tertiary-secret ENC /1Jy+0dK9eWp+sI5TxKVZDtCCz7jPyveUVihpKtml6NW0CIFFXZUpnnlcY0wgkXEZNiJ/i6J7x9kUR7wRbD5xCqnZ4XEPeVMt+P/XKuA5cdyTbBkkg5C21FLa9/kbX9lh2XIAEPpOybYKei6rhR+3rEDInDxkM+eh5fKImVLjB6d9o3XlXERyJt8gmYGWbrr5BIlUg==
next
end

3792
0 Kudos
VinayHM
Staff
Staff

Created on ‎07-25-2023 10:49 PM

Hi @JOSIAH_BOZIAH 

 

Please take the sniffer on ports 1813 and 1812 and attach it here.

 

Regards,

 

 

Vinay HM
3816
JOSIAH_BOZIAH
New Contributor III
In response to VinayHM

Created on ‎07-26-2023 01:42 AM Edited on ‎07-26-2023 01:56 AM

Do I need to check Radius accounting under Administrative access, also the command just hangs, no output until I terminate it control C.radiussniff.JPG

 

3795
0 Kudos
VinayHM
Staff
Staff
In response to JOSIAH_BOZIAH

Created on ‎07-26-2023 02:04 AM Edited on ‎06-10-2024 12:21 AM

HI @JOSIAH_BOZIAH 

 

Thanks for the update.

Open two SSH

 

Please take the output of the below commands 

# diagnose debug application fnbamd -1

# diagnose debug enable

 In the second putty run the sniffer.

diagnose sniffer packet any "host x.x.x.x and port 1813 and port 1812" 6 0 a

where x.x.x.x is radius server IP

 

Please recreate the issue (test connectivity) while taking the logs.

 

After taking the logs please disable the debug command.

# diagnose debug disable

# diagnose debug reset

 

Regards,

Vinay HM
3789
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.