Elena_Madrigal
New Contributor

FortiGate fails to authenticate with RADIUS Aruba ClearPass

Hello Team

We have a FortiGate 1500D (with FortiWiFi), version 5.4.4. We are implementing a captive portal with external authentication against a ClearPass. We also have an SSID with WPA2 Enterprise with the same RADIUS server.

We added the ClearPass as a RADIUS server and the test result is successful. But when I put this RADIUS server as the authenticator of one SSID, the authentication fails, both with captive portal and with WPA2 Enterprise.

We have tried different methods (PAP, CHAP, MS-CHAPv2, etc.) and it always fails.

When I put another server to authenticate, for example an LDAP server, the authentication works fine.

I have attached a debug capture with a test user.

 

What could be happening? Thanks!

Cheers.

Elena_Madrigal
New Contributor

Please, any idea?

emnoc
Esteemed Contributor III

1: Check the RADIUS secret.

2: Check if the RADIUS server is accessible (layer 3/4); use a packet capture.

3: Capture the accept or reject message; again, a packet capture.

4: Use a 3rd-party radiustest client to test the user/RADIUS secret, etc.

 

That's what I would do.

 

Ken

 

PCNSE NSE StrongSwan
hawada
New Contributor

Hi Elena,

Is your ClearPass server also integrated with your domain controller?

What is the error appearing on the Access Tracker?

 

First, integrate your CPPM server with FGT and test the connection between them with the below command:

# diagnose test authserver radius radius-srv pap <username> <password>

You must see a successful result.

 

After that, create your Enforcement profiles and Enforcement policies on ClearPass, then create a Service Rule, assign the rules in the attached image, and check if it works.
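
The secret check, the accept/reject capture and the PAP test suggested in the replies above can be reproduced offline. The following is an added example, not part of any post in this thread: it builds a PAP Access-Request as RFC 2865 defines it and classifies a captured reply, flagging a shared-secret mismatch through the Response Authenticator. The secrets, user name and `make_reply` helper are constructed for illustration.

```python
import hashlib
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2  # RFC 2865 attribute types

def encode_pap_password(password, secret, request_auth):
    """Hide User-Password per RFC 2865 section 5.2 (MD5 keystream chained per 16-byte block)."""
    blocks = max(1, -(-len(password) // 16))
    padded = password.ljust(blocks * 16, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def build_access_request(ident, user, password, secret, request_auth):
    """PAP Access-Request: 20-byte header followed by User-Name and User-Password."""
    hidden = encode_pap_password(password, secret, request_auth)
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v
                     for t, v in ((USER_NAME, user), (USER_PASSWORD, hidden)))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs

def classify_reply(reply, request_auth, secret):
    """Classify a captured reply; 'bad-authenticator' points at differing shared secrets."""
    if len(reply) < 20:
        return "malformed"
    code, _ident, length = struct.unpack("!BBH", reply[:4])
    if not 20 <= length <= len(reply):
        return "malformed"
    reply = reply[:length]
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    if expected != reply[4:20]:
        return "bad-authenticator"
    return {ACCESS_ACCEPT: "accept", ACCESS_REJECT: "reject"}.get(code, "other")

def make_reply(code, ident, request_auth, secret):
    """Constructed attribute-less server reply, used only to exercise classify_reply."""
    header = struct.pack("!BBH", code, ident, 20)
    return header + hashlib.md5(header + request_auth + secret).digest()

if __name__ == "__main__":
    ra = bytes(range(16))  # constructed Request Authenticator; a real client uses random bytes
    reject = make_reply(ACCESS_REJECT, 7, ra, b"secret-on-clearpass")
    print(classify_reply(reject, ra, b"secret-on-clearpass"))  # same secret on both ends
    print(classify_reply(reject, ra, b"secret-on-fortigate"))  # secrets differ
```

A client that receives a reply with an invalid Response Authenticator silently discards it, so a secret mismatch shows up on the client as a timeout rather than as a reject.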
