JOSIAH_BOZIAH
New Contributor III

Unable to connect to my Radius Server. Test connectivity settings on Fortigate primary server fails


1 Solution
RBA

Try the command below:

diagnose test authserver radius "RADIUS SERVER" mschap2 username password

Server_name indicates the value of the "name" field configured under the FortiGate Radius Profile.

Also share the output of the command "sh full-configuration user radius".


8 REPLIES
srajeswaran
Staff

Can you collect the diagnose sniffer output and then the fnbamd debug, as suggested in the article below?

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Radius-authentication-troubleshooting/ta-p...

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
JOSIAH_BOZIAH
New Contributor III

radius.JPG

says the invalid RADIUS SERVER.

radius2.JPG

10.76.0.1 is my FortiGate LAN IP and 10.76.12.15 is my RADIUS server.


JOSIAH_BOZIAH
New Contributor III

tempsnip1.png

JOSIAH_BOZIAH
New Contributor III

FORTIWIFi60E (root) # sh full-configuration user radius
config user radius
edit "SYPHEIT_RADIUS_SERVER"
set server "10.76.12.15"
set secret ENC tPT9/T/WfKna7Hpk/fEB8eVOizejhnmtryjE6tgBBXEEBN/hKdX/465eA8CrCUYbMDMa8AAMct+uAARL1QlXs5apFgDIJHhL4bQ0XG4AsQQJxm+DMe/1Q6gq+jdM0KS9DWlM47wsKqvUCp6JqF0yUPkVLThtEl54yTsSJD4/GInb+QKMihaFrzTKGC1t9BK3WJw7gg==
set timeout 5
set all-usergroup disable
set use-management-vdom disable
set nas-ip 10.76.0.1
set acct-interim-interval 0
set radius-coa disable
set radius-port 0
set h3c-compatibility disable
set auth-type ms_chap_v2
set source-ip ''
set username-case-sensitive disable
unset group-override-attr-type
set password-renewal enable
set password-encoding auto
set acct-all-servers disable
set switch-controller-acct-fast-framedip-detect 2
set interface-select-method auto
unset switch-controller-service-type
set rsso disable
set secondary-server ''
set secondary-secret ENC RNYBLsbBR+caVJb5q6E7yDrB6z+Jl2MS8hTHYXXXin8ajcPfCW3jS1OU1Btu5SzN4qBlEY+kBMzpa+94qU2M4cXob381a/Oc/+xLENQjLReswgFvV/B54oi6GyXt0GQa07xrLBXUQFL1Rjbjv1BYH/lEzwY8lS9Q7pHcSfR1Efo17jkCR5k2RoRokSPDQPuBY/4tGQ==
set tertiary-server ''
set tertiary-secret ENC /1Jy+0dK9eWp+sI5TxKVZDtCCz7jPyveUVihpKtml6NW0CIFFXZUpnnlcY0wgkXEZNiJ/i6J7x9kUR7wRbD5xCqnZ4XEPeVMt+P/XKuA5cdyTbBkkg5C21FLa9/kbX9lh2XIAEPpOybYKei6rhR+3rEDInDxkM+eh5fKImVLjB6d9o3XlXERyJt8gmYGWbrr5BIlUg==
next
end
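
An added example (not from the thread and not Fortinet code): a small Python filter to run over "show full-configuration user radius" output before sharing it. It masks the ENC values, which are an encrypted form of the RADIUS shared secrets, and lists each profile's "edit" name (the name that diagnose test authserver radius takes) with its connectivity settings. The sample config, the function names and the choice of keys are assumptions made for this example.

```python
import re

# Constructed sample shaped like "show full-configuration user radius" output;
# the profile name, addresses and ENC strings are made up for this example.
SAMPLE = """\
config user radius
    edit "EXAMPLE_RADIUS"
        set server "192.0.2.15"
        set secret ENC Q29uc3RydWN0ZWRFeGFtcGxlVmFsdWU=
        set timeout 5
        set nas-ip 192.0.2.1
        set radius-port 0
        set auth-type ms_chap_v2
        set source-ip ''
        set secondary-secret ENC QW5vdGhlckNvbnN0cnVjdGVkVmFsdWU=
    next
end
"""

# "set <key> ENC <blob>" for any key (secret, secondary-secret, tertiary-secret)
ENC_LINE = re.compile(r'^(\s*set\s+\S+\s+ENC)\s+\S+\s*$')
EDIT_LINE = re.compile(r'^\s*edit\s+"?([^"]+?)"?\s*$')
SET_LINE = re.compile(r'^\s*set\s+(\S+)\s+(.*?)\s*$')
# Settings that decide where the request is sent and how (hypothetical selection)
CONNECTIVITY_KEYS = ("server", "radius-port", "nas-ip", "source-ip",
                     "auth-type", "timeout", "interface-select-method")

def redact(config_text):
    """Return the config with every ENC value replaced by a placeholder."""
    return "\n".join(ENC_LINE.sub(r"\1 <redacted>", line)
                     for line in config_text.splitlines())

def connectivity_summary(config_text):
    """Map each 'edit' profile name to its connectivity-related settings."""
    profiles, current = {}, None
    for line in config_text.splitlines():
        if (m := EDIT_LINE.match(line)):
            current = profiles.setdefault(m.group(1), {})
        elif line.strip() == "next":
            current = None
        elif current is not None and (m := SET_LINE.match(line)):
            key, value = m.groups()
            if key in CONNECTIVITY_KEYS:
                current[key] = value.strip("'\"")
    return profiles

if __name__ == "__main__":
    print(redact(SAMPLE))
    print(connectivity_summary(SAMPLE))
```
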

VinayHM
Staff

Hi @JOSIAH_BOZIAH

Please take the sniffer on ports 1813 and 1812 and attach it here.

Regards,

Vinay HM
JOSIAH_BOZIAH

Do I need to check Radius accounting under Administrative access? Also, the command just hangs, with no output until I terminate it with Ctrl-C.

radiussniff.JPG

VinayHM

Hi @JOSIAH_BOZIAH

Thanks for the update.

Open two SSH sessions.

Please take the output of the below commands:

# diagnose debug application fnbamd -1

# diagnose debug enable

In the second PuTTY session, run the sniffer.

diagnose sniffer packet any "host x.x.x.x and (port 1812 or port 1813)" 6 0 a

where x.x.x.x is the RADIUS server IP

Please recreate the issue (test connectivity) while taking the logs.

After taking the logs please disable the debug command.

# diagnose debug disable

# diagnose debug reset

Regards,

Vinay HM