Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
robinct
New Contributor

Radius authentication using remote challenge

I'm working on RADIUS authentication together with MS NPS and Azure MFA.

So far, it works great when using "app notification". As in, a simple confirmation button in the app.

 

What I'm trying to achieve right now is to use the verification code from the app instead.

 

When I use "diagnose test authserver radius <server> pap user password, I receive a prompt "Enter Your Microsoft verification code", where I enter the code and I'm successfully authenticated.

 

However, when I try to use the same user logging into the firewall itself, it fails.

 

Via ssh, I get a question, "Remote Token" and after inputting a correct code, the connection is closed.

Via web, I get a second token input in the login form, input a correct code, and after a short while, I get authentication failed.

4 REPLIES 4
robinct
New Contributor

Never mind this. This was our internal NPS extension behaving differently when the authorization request came from a challenge request instead of the regular accept request.

gabobastidas

Hi, I'm experiencing the same issue when to use the verification code by Forticlient VPN.

 

I receive a prompt "Enter Your Microsoft verification code" but the authentication fails.

 

 

Could you share the change you made in the NPS extension?

robinct

Hi,

 

The error came from an internal NPS extension. I didn't experience any problems using only the bundled extensions, so can't really say what the issue is.

 

The NPS server should give some hints via the Event log though.

emnoc
Esteemed Contributor III

And add grab a packet capture . You can see the request access-rejected|accept|challenge request in the dump. It can go a long way with analyzing the issue.

 

Ken Felix

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Labels
Top Kudoed Authors