For When You Can't Have The Real Thing
[ start | index | login ]
start > FortiOS > 5 > Test Authentication Servers

Test Authentication Servers

Created by dave. Last edited by dave, 3 years and 37 days ago. Viewed 2,035 times. #5
[diff] [history] [edit] [rdf]
labels
attachments
(2014-05-22)

Testing authentication

These cli commands can help you test your radius or ldap server:

# diag test auth radius <server_name> <chap | pap | mschap | mschap2> <username> <pwd> 
# diag test authserver ldap <server_name> <username> <pwd>

These commands turn on more extensive debugging output for authentication which can be useful for figuring out what is wrong:

# diag debug reset
# diag debug application fnbamd –1
# diag debug enable

I've had situations where pressing the <test> button works, group lookup works, but actual authentication fails. In one case the diag steps above showed me that TLS wasn't actually happening.

no comments | post comment
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.

Useful:


snipsnap.org | Copyright 2000-2002 Matthias L. Jugel and Stephan J. Schmidt