Can not access radius server from fortigate
I am trying to set up authentication using a FreeRADIUS server with a FortiGate. I can ping between the FortiGate and the Ubuntu machine that FreeRADIUS runs on, but when I try to add the RADIUS server from the User & Device section, the server cannot be reached, and no request arrives at FreeRADIUS from the FortiGate. I don't know why this is; I can ping it but cannot reach the RADIUS server.
I don't know where you're looking to see the error. But you can check RADIUS connectivity in the GUI: User & Device -> RADIUS Servers -> edit "server_name" and the "Test Connectivity" button. When you hit it and enter the username/password of one of the users, you should see a RADIUS request and then a reply (UDP 1812 on the server side) in "diag sniffer packet any 'host SERVER_IP' 4", like below:
19.058198 lan out 192.168.1.254.3949 -> 172.16.1.1.1812: udp 52
20.060076 lan in 172.16.1.11.1812 -> 192.168.1.254.3949: udp 20
If you don't see them, something is wrong with the RADIUS config on the FGT. There is not much to configure, though: server IP, secret, and NAS IP, generally.
I would check the logs on the RADIUS server and the client. If the secret is wrong, or the wrong service port is defined, or the system is set for DTLS/TLS, these will generate almost no response back to the RADIUS client. You can take packet captures to see the RADIUS Access-Accept/Access-Reject messages.
PCNSE
NSE
StrongSwan
Are you doing this over VPN?
Yes, over VPN.
I can reach FreeRADIUS from another FortiGate, but from this FortiGate I cannot. The RADIUS service is listening on port 1812.
If you're running it over VPN, then you'll need to specify a source IP for RADIUS.
If you're using VDOMs, these would be the commands (no quotes around the values):
config vdom
    edit <vdom name>
        config user radius
            edit <name you gave it>
                set source-ip <firewall LAN IP>
            next
        end
    end
If you do not have VDOMs enabled, the commands are:
config user radius
    edit <name you gave it>
        set source-ip <firewall LAN IP>
    next
end
Try those and let me know if that helped or if you have any questions.
If the server is reachable behind VLANs, make sure to set source-ip to the actual interface or LAN IP, not the VLAN IP.
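The three failure modes discussed in this thread (the "Test Connectivity" request/reply on UDP 1812, a wrong shared secret producing what looks like no answer, and a source IP the server does not recognise) all come down to how RFC 2865 packets are built and checked. The following is an added example, not code from any post or from FortiOS/FreeRADIUS: it models a RADIUS Access-Request and reply in Python, with the server looking up the shared secret by the packet's source IP the way FreeRADIUS's clients.conf does. All IPs, secrets and users in it are constructed.

```python
"""Minimal RADIUS (RFC 2865) Access-Request / reply model. Added example, not
code from the thread; every IP, secret and user below is constructed."""
import hashlib
import os
import socket
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4   # attribute type codes


def encode_user_password(password, secret, req_auth):
    """RFC 2865 5.2: pad to a 16-byte multiple, XOR each block with
    MD5(secret + previous ciphertext block), seeded by the Request Authenticator."""
    padded = password + b"\x00" * ((16 - len(password) % 16) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out


def decode_user_password(encoded, secret, req_auth):
    """Inverse of encode_user_password; a wrong secret yields garbage, not an error."""
    out, prev = b"", req_auth
    for i in range(0, len(encoded), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(encoded[i:i + 16], key))
        prev = encoded[i:i + 16]
    return out.rstrip(b"\x00")


def attr(atype, value):
    return struct.pack("!BB", atype, len(value) + 2) + value


def parse_packet(data):
    code, ident, length = struct.unpack("!BBH", data[:4])
    attrs, pos = {}, 20
    while pos < length:
        atype, alen = data[pos], data[pos + 1]
        attrs[atype] = data[pos + 2:pos + alen]
        pos += alen
    return code, ident, data[4:20], attrs


def build_access_request(ident, secret, username, password, nas_ip, req_auth=None):
    req_auth = req_auth if req_auth is not None else os.urandom(16)
    attrs = (attr(USER_NAME, username)
             + attr(USER_PASSWORD, encode_user_password(password, secret, req_auth))
             + attr(NAS_IP_ADDRESS, socket.inet_aton(nas_ip)))
    head = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return head + req_auth + attrs, req_auth


def build_reply(code, request, secret, attrs=b""):
    """ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    _, ident, req_auth, _ = parse_packet(request)
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + req_auth + attrs + secret).digest() + attrs


def verify_reply(reply, req_auth, secret):
    """Client side: a reply whose Response Authenticator does not verify under the
    client's secret must be silently discarded (RFC 2865 section 3), so a wrong
    secret looks like 'no answer' on the client even though the server replied."""
    length = struct.unpack("!H", reply[2:4])[0]
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:length] + secret).digest()
    return expected == reply[4:20]


def server_handle(request, src_ip, clients, users):
    """Server side, modelled on FreeRADIUS: the shared secret is chosen by the
    packet's source IP (clients.conf); an unknown source is ignored, no reply."""
    if src_ip not in clients:
        return None
    secret = clients[src_ip]
    code, _, req_auth, attrs = parse_packet(request)
    if code != ACCESS_REQUEST:
        return None
    pw = decode_user_password(attrs[USER_PASSWORD], secret, req_auth)
    ok = users.get(attrs.get(USER_NAME)) == pw
    return build_reply(ACCESS_ACCEPT if ok else ACCESS_REJECT, request, secret)


def exchange(src_ip, client_secret, username, password, clients, users, req_auth=None):
    """One round trip: returns (reply code or None, reply verified by client)."""
    req, req_auth = build_access_request(7, client_secret, username, password,
                                         "192.168.1.254", req_auth)
    reply = server_handle(req, src_ip, clients, users)
    if reply is None:
        return None, False
    return parse_packet(reply)[0], verify_reply(reply, req_auth, client_secret)


if __name__ == "__main__":
    clients = {"192.168.1.254": b"s3cret"}        # constructed clients.conf equivalent
    users = {b"alice": b"correct horse"}
    print(exchange("192.168.1.254", b"s3cret", b"alice", b"correct horse", clients, users))
    print(exchange("10.0.0.1", b"s3cret", b"alice", b"correct horse", clients, users))
    print(exchange("192.168.1.254", b"wrong", b"alice", b"correct horse", clients, users))
```

Run the three calls at the bottom and compare with the thread: the first (known source IP, right secret) gets an Access-Accept that verifies; the second (the FortiGate sending from a tunnel or WAN address that is not the `source-ip` listed in clients.conf) gets nothing at all, which is what "no request reaching FreeRADIUS" looks like; the third (wrong secret) gets an Access-Reject whose Response Authenticator fails, so the client drops it and reports no reply. That is why the earlier advice to set `source-ip` and to capture on the server side, not just on the FortiGate, separates the two cases.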
