APAC_Beta_FTNT
Article Id 196691
Description
While troubleshooting an authentication problem against a RADIUS server, the FortiGate may report an "Invalid digest" error message.

This message can be seen when the following debug is enabled from the FortiGate CLI: "diagnose debug application fnbamd -1"

Example:

fnbamd_radius.c[989] fnbamd_radius_auth_validate_pkt-Invalid digest
fnbamd_auth.c[1255] fnbamd_auth_handle_result-Error validating radius rsp
fnbamd_fsm.c[1224] handle_auth_rsp-Error (5) for req 1329463296
fnbamd_fsm.c[1303] handle_auth_timeout_with_retry-Session timeout, retry
fnbamd_radius.c[789] fnbamd_radius_auth_send-Sent radius req to 192.168.97.15: code=1 id=68 len=140 user="ssl" using MS-CHAPv2


The output of the authentication daemon shows that an invalid digest was detected: the Authenticator field in the RADIUS response appears to be incorrect.


Solution
This is due to a wrong shared secret (secret key) between the FortiGate and the RADIUS server.
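The following added example (not Fortinet's fnbamd code) shows why a wrong shared secret surfaces as an invalid digest: per RFC 2865, the Response Authenticator is an MD5 over the reply header, the Request Authenticator, the attributes and the shared secret, and the client recomputes it with its own copy of the secret. The secrets, attribute and Request Authenticator are constructed sample values, and the returned strings are illustrative.

```python
import hashlib
import hmac
import struct

def response_authenticator(code, ident, request_auth, attributes, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    return hashlib.md5(header + request_auth + attributes + secret).digest()

def build_response(code, ident, request_auth, attributes, secret):
    """Server side: sign the reply with the server's copy of the secret."""
    auth = response_authenticator(code, ident, request_auth, attributes, secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    return header + auth + attributes

def validate_response(packet, request_auth, secret):
    """Client side: recompute the digest with the client's copy of the secret."""
    if len(packet) < 20:
        return "Malformed packet"
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return "Malformed packet"
    received = packet[4:20]           # Authenticator field of the response
    attributes = packet[20:length]
    expected = response_authenticator(code, ident, request_auth, attributes, secret)
    # Constant-time comparison of the received and recomputed digests.
    return "OK" if hmac.compare_digest(received, expected) else "Invalid digest"

if __name__ == "__main__":
    # Constructed sample values, not taken from a real capture.
    request_auth = bytes(range(16))            # Request Authenticator sent by the client
    attributes = bytes([18, 4]) + b"ok"        # Reply-Message attribute (type 18)
    server_secret = b"server-secret"
    reply = build_response(2, 68, request_auth, attributes, server_secret)  # Access-Accept

    print(validate_response(reply, request_auth, b"server-secret"))  # secrets match
    print(validate_response(reply, request_auth, b"server-secert"))  # typo on the client
```

The reply itself is well formed in both cases; only the secret used to recompute the digest differs, which is why the fix is to re-enter the same secret on both the FortiGate and the RADIUS server.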