LDAP and RADIUS
I have a configuration where I have a few groups with LDAP authorization and a few groups with RADIUS authorization.
I noticed that when I used an LDAP group for a VPN connection, my Microsoft NPS with RADIUS server got a request about the user. This request is rejected. The user established the connection, and in the logs on my VPN device I see that this user is authenticated with the LDAP group.
If I added a group for this user in the NPS network policy, I got an MFA prompt when trying to establish the VPN connection. If I do nothing and wait, the user will be connected to SSL VPN. On NPS I see rejected access, but in the logs on the FortiGate I see the user used LDAP groups.
Why does the FortiGate device send a request to the NPS server if the user is only in a group which is assigned to the LDAP server?
(NPS is installed on the DC; LDAP and NPS have the same IP.)