- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
customer wants to connect to wifi by authenticating with fortiauthenticator, how do I do it?
I made some configurations,
I created new user groups that I pulled from the ldap server
I created radius client and created policy but I get the error in the following log is it related to eap
# Executing group from file /usr/etc/raddb/sites-enabled/default
2024-06-04T12:33:46.061923+03:00 FortiAuthenticator radiusd[6259]: (4) eap: Found authclient from preloaded authclients list for 10.140.140.1: Forti_Radius_Besiktas (10.140.140.1)
2024-06-04T12:33:46.063080+03:00 FortiAuthenticator radiusd[6259]: (4) eap: WARNING: No authpolicy for authclient 2 with authtype eap-tls
2024-06-04T12:33:46.063679+03:00 FortiAuthenticator radiusd[6259]: (4) eap: Found authpolicy 'WiFi_Policies' for client '10.140.140.1'
2024-06-04T12:33:46.063710+03:00 FortiAuthenticator radiusd[6259]: (4) # Executing group from file /usr/etc/raddb/sites-enabled/default
2024-06-04T12:33:46.063738+03:00 FortiAuthenticator radiusd[6259]: (4) facauth: Updated auth log 'elif.sert' for attempt from 10.140.140.1: 802.1x authentication failed
2024-06-04T12:33:46.396730+03:00 FortiAuthenticator radiusd[6259]: Waking up in 0.6 seconds.
Executing group from file /usr/etc/raddb/sites-enabled/default
2024-06-04T12:34:32.660719+03:00 FortiAuthenticator radiusd[6259]: (6) eap: Found authclient from preloaded authclients list for 10.140.140.1: Forti_Radius_Besiktas (10.140.140.1)
2024-06-04T12:34:32.661896+03:00 FortiAuthenticator radiusd[6259]: (6) eap: WARNING: No authpolicy for authclient 2 with authtype eap-tls
2024-06-04T12:34:32.662506+03:00 FortiAuthenticator radiusd[6259]: (6) eap: Found authpolicy 'WiFi_Policies' for client '10.140.140.1'
2024-06-04T12:34:32.662538+03:00 FortiAuthenticator radiusd[6259]: (6) # Executing group from file /usr/etc/raddb/sites-enabled/default
2024-06-04T12:34:32.662568+03:00 FortiAuthenticator radiusd[6259]: (6) facauth: Updated auth log 'elif.sert' for attempt from 10.140.140.1: 802.1x authentication failed
2024-06-04T12:34:32.994932+03:00 FortiAuthenticator radiusd[6259]: Waking up in 0.6 seconds.
Solved! Go to Solution.
- Labels:
-
FortiAuthenticator
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey @inventohakkı
EAP-TLS means certificate authentication - so the wireless client (PC probably?) is connecting to Wifi and presents a certificate to identify itself, not a username/password combination.
FortiAuthenticator CAN handle EAP-TLS authentication, but this needs a RADIUS policy configured for EAP-TLS (certificate authentication) instead of password/OTP option.
If this is incorrect (the client should authenticate with username/password) then you will have to modify those client's settings to provide username/password instead of certificate.
In addition, most wireless authentication does include EAP, so in FortiAuthenticator in the password/OTP policy you might have to toggle on EAP as well (to allow EAP-PEAP or EAP-MSCHAPv2 for example).
Cheers,
Debbie
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey @inventohakkı
EAP-TLS means certificate authentication - so the wireless client (PC probably?) is connecting to Wifi and presents a certificate to identify itself, not a username/password combination.
FortiAuthenticator CAN handle EAP-TLS authentication, but this needs a RADIUS policy configured for EAP-TLS (certificate authentication) instead of password/OTP option.
If this is incorrect (the client should authenticate with username/password) then you will have to modify those client's settings to provide username/password instead of certificate.
In addition, most wireless authentication does include EAP, so in FortiAuthenticator in the password/OTP policy you might have to toggle on EAP as well (to allow EAP-PEAP or EAP-MSCHAPv2 for example).
Cheers,
Debbie
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
