Test Authentication Servers

Testing authentication

These cli commands can help you test your radius or ldap server:

# diag test auth radius <server_name> <chap | pap | mschap | mschap2> <username> <pwd>
# diag test authserver ldap <server_name> <username> <pwd>

These commands turn on more extensive debugging output for authentication which can be useful for figuring out what is wrong:

# diag debug reset
# diag debug application fnbamd –1
# diag debug enable

I've had situations where pressing the button works, group lookup works, but actual authentication fails. In one case the diag steps above showed me that TLS wasn't actually happening.

arp

Backup ISP with some traffic selection

crashlog

DHCP and PPPoE

DHCP Client Leases

DHCP Reservation

HA Cluster Member Firmware Revisions

Interface Duplex

Interface Mode

Interface Status

Memory Logging

Packet Capture

Radius Server Definition

Reset Admin Password

Reset to Factory Defaults

Routing Table

Simple Commands

Syslog

Test Authentication Servers

Configuration Preparation

DHCP Reservation

Dual-WAN Gateways

EXT3 fs error (device)

HA Cluster Status

HA Cluster Synchronization

Management Access

VoIP Clients with Fortigates

VPN Fragmentation

VPN Tunnel Details

CLI Disk Scan FSCK

CLI Upgrade Firmware

Connecting Multiple vDOMs to the same VLAN

CPU is pinned

Debug Flow

Debug Session

Debug Sniffer

Factory Reset

Fixing HA Sync Problems

Forticlient Registering To Fortigate

List DHCP Client Leases

List SSLVPN Users

RTC Power Status Failed

SSLVPN Logs Out After 8 Hours

System Time

VPN Flapping Leads To Bogus Routing

Wifi Clients Connect But Can't Get DHCP Lease

BGP Neighbors

BGP Sessions

DH Selection for VPNs

FortiCloud Debug Commands

FortiOS LLDP

IPsec Not Passing Packets

List DHCP Clients CLI

Microsoft Office Whitelisting

Routing Table

SSH Pubkey Login

SSL Security Settings

SSLVPN DNS Suffix

System Version from CLI

Traffic Shaping Policy

CLI Restore Configuration

Displaying Logs From Console

iPerf3 on Fortigates

IPSA self test failed, disable IPSA!

LDAP lookup account considerations

List Connected Users

Read-Only Admin Profile

SD-WAN Diagnostics

VPN Debug

VPN Tunnel Interface Address

Wifi 802.1x with LDAP Groups

FortiClient Error Codes

Device Table Size Maximum

Device-Local Certificate Expired

CLI Policy Lookup

IPsec MTU Adjustments

IPsec MTU Varies By Encryption Algorythm

Link Monitor

Looking at logs via CLI

Check Geo-IP Region For A Specific IP