Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
williasthomas192004
New Contributor II

Created on ‎06-26-2025 04:31 AM

wifi user can't connect with radius user& credential in fortinac

What is the issue?Screenshot 2025-06-26 174114.pngScreenshot 2025-06-26 174212.pngScreenshot 2025-06-26 174235.pngScreenshot 2025-06-26 174312.pngScreenshot 2025-06-26 174426.pngScreenshot 2025-06-26 174446.pngScreenshot 2025-06-26 174504.pngScreenshot 2025-06-26 174533.pngScreenshot 2025-06-26 174724.png I can't find the issue. 

Labels:
327
0 Kudos
6 REPLIES 6
AEK
SuperUser
SuperUser

Created on ‎06-26-2025 04:47 AM

I find it strange that you use RADIUS to authenticate from portal. What was the default value?

RADIUS is usually used to authenticate WiFi clients with NAC.

AEK
AEK
320
ebilcari
Staff
Staff
In response to AEK

Created on ‎06-26-2025 08:40 AM

In addition, based on the current configuration the hosts will be authenticated only for MAC authentication in the FGT and the user accounts are only verified via RADIUS, just allowing them to register their devices.
Since you have already configured Winbind, I guess you are trying to configure EAP-PEAP. To complete this, you need to configure the supplicant in the end host, change the SSID configurations to Enterprise and configure FNAC to register the host via Dot1x auto registration. Portal configurations will not be needed.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
284
williasthomas192004
New Contributor II
In response to ebilcari

Created on ‎06-26-2025 08:49 PM

Could you share an actual process with me? What for use User Login type in portal?

256
0 Kudos
ebilcari
Staff
Staff
In response to williasthomas192004

Created on ‎06-27-2025 03:23 AM

If you want to let the users to only register their devices (BYOD), you need to create an open/PSK SSID and enable only MAC filtering/authentication, similar to the case shown here for guest self registration and use 'Standard User Login' directly with LDAP (no RADIUS needed). This is not recommended for corporate network access because there is no proper RADIUS authentication and the MAC address can also be spoofed.
Some more details can be found in this articles:

Technical Tip: Control BYOD access

Technical Tip: MSCHAPv2 authentication, join FortiNAC in domain and checks

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
218
williasthomas192004
New Contributor II
In response to AEK

Created on ‎06-26-2025 08:37 PM

Default value mean what ?

263
0 Kudos
AEK
SuperUser
SuperUser
In response to williasthomas192004

Created on ‎07-06-2025 02:40 AM

The default value for authentication method for "GestSelfRegistration" is "Local", which means FNAC looks in its local user DB, not via RADIUS.

nac1.png

 

Is there any reason why did you change it to RADIUS?

AEK
AEK
134
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.