Clients fail to authenticate by the Radius server while using the windows log on name.
KB ARTICLE TYPE: Troubleshooting
RELATED PRODUCTS: Controller
RELATED SOFTWARE VERSIONS: N/A
KEYWORDS: Controller, SSID, radius server
STEPS TAKEN FOR TROUBLESHOOTING:
STEP 1 : | Verified the security profile configuration and the ESS profile configuration. The security type is selected as WPA-TKIP and the Radius profile is mapped to the security profile. The ESS profile created is mapped to the respective security profile. |
STEP 2 : | Verified the Radius configuration. The Radius profile is created and the Remote access policy was set with the correct attribute with the Windows group selected where the users are mapped. The EAP Method selected as MS-CHAPv1 and MS-CHAPv2. The EAP type was selected as Protected EAP. The type used to authenticate is EAP-TTLS and verified if the correct certificate is mapped to the correct EAP type. |
STEP 3: | Both the controller and the Radius server configurations were performed correctly. |
STEP 4 : | Tried testing the client again, as the configurations were done correctly. The client failed to authenticate successfully. It was not talking the windows log on name instead it was prompting for the user credentials. |
STEP 5: | Verified if the client using the Windows supplicant configuration was done correctly. Found that the client was not configured correctly. Verified the SSID added in the preferred Networks by going to the wireless properties of the adapter. The security type and the Network authentication Methods were selected correctly. The checkbox stating "Validate server certificate" was unchecked and the authentication method was configured to use the users created in the ADS as the option "Automatically use the Windows Log on name and password (and domain if any)" was unchecked. |
STEP 6: | Configured the authentication method to use the windows log on credentials by selecting the option "Automatically use the Windows Log on name and password (and domain if any)". |
STEP 7: | Tested the client connectivity - the client got connected successfully and was associated to the network. |
RESOLUTION : | Configuring the SSID and the authentication parameters correctly in the client fixed the issue. |
ROOT CAUSE: | The controller and the Radius server were configured correctly. The client failed to authenticate as the authentication parameters were not set correctly |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.