Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
inventohakkı
New Contributor

Customer wants to connect to WiFi by authenticating with FortiAuthenticator, how do I do it?

I made some configurations.
I created new user groups that I pulled from the LDAP server.
I created a RADIUS client and created a policy, but I get the error in the following log. Is it related to EAP?

# Executing group from file /usr/etc/raddb/sites-enabled/default
2024-06-04T12:33:46.061923+03:00 FortiAuthenticator radiusd[6259]: (4) eap: Found authclient from preloaded authclients list for 10.140.140.1: Forti_Radius_Besiktas (10.140.140.1)
2024-06-04T12:33:46.063080+03:00 FortiAuthenticator radiusd[6259]: (4) eap: WARNING: No authpolicy for authclient 2 with authtype eap-tls
2024-06-04T12:33:46.063679+03:00 FortiAuthenticator radiusd[6259]: (4) eap: Found authpolicy 'WiFi_Policies' for client '10.140.140.1'
2024-06-04T12:33:46.063710+03:00 FortiAuthenticator radiusd[6259]: (4) # Executing group from file /usr/etc/raddb/sites-enabled/default
2024-06-04T12:33:46.063738+03:00 FortiAuthenticator radiusd[6259]: (4) facauth: Updated auth log 'elif.sert' for attempt from 10.140.140.1: 802.1x authentication failed
2024-06-04T12:33:46.396730+03:00 FortiAuthenticator radiusd[6259]: Waking up in 0.6 seconds.

Executing group from file /usr/etc/raddb/sites-enabled/default
2024-06-04T12:34:32.660719+03:00 FortiAuthenticator radiusd[6259]: (6) eap: Found authclient from preloaded authclients list for 10.140.140.1: Forti_Radius_Besiktas (10.140.140.1)
2024-06-04T12:34:32.661896+03:00 FortiAuthenticator radiusd[6259]: (6) eap: WARNING: No authpolicy for authclient 2 with authtype eap-tls
2024-06-04T12:34:32.662506+03:00 FortiAuthenticator radiusd[6259]: (6) eap: Found authpolicy 'WiFi_Policies' for client '10.140.140.1'
2024-06-04T12:34:32.662538+03:00 FortiAuthenticator radiusd[6259]: (6) # Executing group from file /usr/etc/raddb/sites-enabled/default
2024-06-04T12:34:32.662568+03:00 FortiAuthenticator radiusd[6259]: (6) facauth: Updated auth log 'elif.sert' for attempt from 10.140.140.1: 802.1x authentication failed
2024-06-04T12:34:32.994932+03:00 FortiAuthenticator radiusd[6259]: Waking up in 0.6 seconds.

1 Solution
Debbie_FTNT
Staff

Hey @inventohakkı

EAP-TLS means certificate authentication - so the wireless client (PC probably?) is connecting to WiFi and presents a certificate to identify itself, not a username/password combination.

FortiAuthenticator CAN handle EAP-TLS authentication, but this needs a RADIUS policy configured for EAP-TLS (certificate authentication) instead of the password/OTP option.

If this is incorrect (the client should authenticate with username/password) then you will have to modify those clients' settings to provide username/password instead of a certificate.

In addition, most wireless authentication does include EAP, so in FortiAuthenticator in the password/OTP policy you might have to toggle on EAP as well (to allow EAP-PEAP or EAP-MSCHAPv2 for example).

Cheers,

Debbie

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
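A triage sketch for the log pattern discussed above, added here as an example and not part of the original posts or of FortiAuthenticator itself: it groups radiusd debug lines by request ID and reports 802.1x failures that follow a "No authpolicy ... with authtype" warning in the same request. It assumes the line format quoted in the question; the sample log, addresses and names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the radiusd debug format quoted in the question
# (addresses, names, PIDs and request IDs are made up).
SAMPLE_LOG = """\
2024-01-01T10:00:00.000001+00:00 FortiAuthenticator radiusd[100]: (1) eap: Found authclient from preloaded authclients list for 192.0.2.10: Example_AP (192.0.2.10)
2024-01-01T10:00:00.000002+00:00 FortiAuthenticator radiusd[100]: (1) eap: WARNING: No authpolicy for authclient 2 with authtype eap-tls
2024-01-01T10:00:00.000003+00:00 FortiAuthenticator radiusd[100]: (1) eap: Found authpolicy 'Example_Policy' for client '192.0.2.10'
2024-01-01T10:00:00.000004+00:00 FortiAuthenticator radiusd[100]: (1) facauth: Updated auth log 'alice' for attempt from 192.0.2.10: 802.1x authentication failed
2024-01-01T10:00:00.000005+00:00 FortiAuthenticator radiusd[100]: Waking up in 0.6 seconds.
2024-01-01T10:00:05.000001+00:00 FortiAuthenticator radiusd[100]: (2) eap: Found authpolicy 'Example_Policy' for client '192.0.2.10'
2024-01-01T10:00:05.000002+00:00 FortiAuthenticator radiusd[100]: (2) facauth: Updated auth log 'bob' for attempt from 192.0.2.10: 802.1x authentication failed
"""

LINE = re.compile(r"radiusd\[\d+\]: \((\d+)\) (.*)$")
NO_POLICY = re.compile(r"WARNING: No authpolicy for authclient (\d+) with authtype (\S+)")
POLICY = re.compile(r"Found authpolicy '([^']*)' for client '([^']*)'")
FAILED = re.compile(r"Updated auth log '([^']*)' for attempt from (\S+): .*authentication failed")

def find_eap_mismatches(log_text):
    """Return one record per request that failed 802.1x after radiusd warned
    that no policy exists for the EAP type the client asked for."""
    requests = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # lines without a request ID, e.g. "Waking up in ..."
        req, msg = requests[int(m.group(1))], m.group(2)
        if (w := NO_POLICY.search(msg)):
            req["authclient_id"], req["authtype"] = w.group(1), w.group(2)
        elif (p := POLICY.search(msg)):
            req["policy"] = p.group(1)
        elif (f := FAILED.search(msg)):
            req["user"], req["nas"] = f.group(1), f.group(2)
            req["failed"] = True
    return [
        {"request": rid, **r}
        for rid, r in sorted(requests.items())
        if r.get("failed") and "authtype" in r
    ]

if __name__ == "__main__":
    for hit in find_eap_mismatches(SAMPLE_LOG):
        print(f"request {hit['request']}: {hit['user']} via {hit['nas']} requested "
              f"{hit['authtype']}; matched policy {hit.get('policy')!r}; failed")
```

Failures without the warning (request 2 in the sample) are left out, since they point to a different cause than a missing policy for the requested EAP type.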

2 REPLIES 2
inventohakkı

Thank you, I solved it as you said; there were places I had to change on the FortiAP side.