auth fail due to group restrictions -- Fortinet 60D

scott.gayler
I am using a Fortinet 60D as an SSL VPN endpoint.
WiKID is the RADIUS authentication protocol.

I am having problems getting groups to work correctly.

I've created a group
I've added a return Filter-Id attribute with a value of "Prod"  (without quotation marks)

On the VPN endpoint I am searching for the group name, but I am getting the error "auth fail due to group restriction".

From the WiKID appliance, when running a tcpdump I see:

      Filter ID Attribute (11), length: 6, Value: Prod


Is there any known configuration issue with using groups from a Fortinet device? (The how-to document on Fortinets doesn't address user groups.)

Thank you very much
Scott G
Re: auth fail due to group restrictions -- Fortinet 60D

Nick Owen
Administrator

There are no known issues with groups.

The only thing I would suggest is to try radlogin for testing. It might show something tcpdump doesn't.

On Oct 8, 2015 7:40 PM, "scott.gayler [via WiKID Strong Authentication Forums]" <[hidden email]> wrote:
I am using a Fortinet 60D as an SSL VPN endpoint.
WiKID is the RADIUS authentication protocol.

I am having problems getting groups to work correctly.

I've created a group
I've added a return Filter-Id attribute with a value of "Prod"  (without quotation marks)

On the VPN endpoint I am searching for the group name, but I am getting the error "auth fail due to group restriction".

From the WiKID appliance, when running a tcpdump I see:

      Filter ID Attribute (11), length: 6, Value: Prod


Is there any known configuration issue with using groups from a Fortinet device? (The how-to document on Fortinets doesn't address user groups.)

Thank you very much
Scott G
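
For readers debugging the same symptom, the following is an added example, not part of the thread or of WiKID's or Fortinet's code: it decodes the attributes of a captured RADIUS reply using the RFC 2865 layout and compares each Filter-Id (type 11) value byte-for-byte with the group name configured on the VPN endpoint. The function names and the sample packets are constructed for illustration; the tcpdump line above (length 6, i.e. a 2-byte attribute header plus the 4 bytes of "Prod") is what the `match` case corresponds to.

```python
import struct

FILTER_ID = 11  # RFC 2865 Filter-Id attribute type


def parse_attributes(packet: bytes):
    """Return [(type, value_bytes)] from a raw RADIUS packet (RFC 2865 layout)."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad packet length field")
    attrs, pos = [], 20  # attributes start after code/id/length/authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError(f"bad attribute length at offset {pos}")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return attrs


def check_filter_id(packet: bytes, expected: str):
    """Classify every Filter-Id value against the expected group name."""
    findings = []
    for atype, value in parse_attributes(packet):
        if atype != FILTER_ID:
            continue
        text = value.decode("utf-8", errors="replace")
        if value == expected.encode():
            findings.append(("match", text))
        elif text.strip("\x00 \t\r\n") == expected:
            findings.append(("padding", text))   # stray whitespace or NUL
        elif text.lower() == expected.lower():
            findings.append(("case", text))      # differs only in letter case
        else:
            findings.append(("different", text))
    return findings or [("absent", "")]


def build_accept(values):
    """Constructed sample: Access-Accept (code 2) with a zeroed authenticator."""
    body = b"".join(bytes([FILTER_ID, len(v) + 2]) + v for v in values)
    return struct.pack("!BBH", 2, 1, 20 + len(body)) + bytes(16) + body
```

Anything other than a single `match` result means the value on the wire is not the exact string the endpoint is configured to look for, which a summary line in tcpdump can hide.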
