アプリケーション統合のトラブルシューティング
Fortinetコマンドラインインターフェイス(CLI)を使用して、問題をデバッグできます。
コンソールから認証を試行し、メッセージを確認する
認証しようとしたが失敗した。
CLIコンソールから以下のコマンドを実行します。
# diag debug application fnbamd 7 # diag debug enable
失敗した結果の例
不正なユーザーまたは不正な認証情報の場合
[1943] handle_req-Rcvd auth req 1189741811 for baduser in
Okta Radius Group opt=00000500 prot=10
[608] fnbamd_pop3_start-baduser
[539] __fnbamd_cfg_get_radius_list_by_group-Loading RADIUS
server 'Okta RADIUS' for usergroup
'Okta Radius Group' (3)
[314] radius_start-Opened radius socket 12
[1203] fnbamd_radius_auth_send-Compose RADIUS request
[1427] fnbamd_radius_auth_send-Sent radius req to server
'Okta RADIUS': fd=12, IP=10.20.251.19 code=1
id=135 len=122 user="baduser" using PAP
[682] auth_tac_plus_start-Didn't find tac_plus servers (0)
[402] ldap_start-Didn't find ldap servers (0)
[460] create_auth_session-Total 1 server(s) to try
[1626] fnbamd_radius_auth_validate_pkt-RADIUS resp code 3
[2580] fnbamd_auth_handle_radius_result-->Result for
radius svr 'Okta RADIUS' 10.20.251.19(0) is 1
[180] fnbamd_comm_send_result-Sending result 1
(error 0) for req 1189741811
[602] destroy_auth_session-delete session 1189741811
[1943] handle_req-Rcvd auth req 1189741812 for baduser
in Special1 opt=00000500 prot=10
[608] fnbamd_pop3_start-baduser
[304] radius_start-Didn't find radius servers (0)
[682] auth_tac_plus_start-Didn't find tac_plus servers (0)
[402] ldap_start-Didn't find ldap servers (0)
[452] create_auth_session-Error starting authentication
[1962] handle_req-Error creating session
[180] fnbamd_comm_send_result-Sending result 3
(error 0) for req 1189741812
成功した結果の例
適切な認証情報が入力され、チャレンジが受信されました
[1943] handle_req-Rcvd auth req 1189741817 for test in Okta Radius Group opt=00000500 prot=10
[608] fnbamd_pop3_start-test
[539] __fnbamd_cfg_get_radius_list_by_group-Loading RADIUS
server 'Okta RADIUS' for usergroup
'Okta Radius Group' (3)
[314] radius_start-Opened radius socket 12
[1203] fnbamd_radius_auth_send-Compose RADIUS request
[1427] fnbamd_radius_auth_send-Sent radius req to server
'Okta RADIUS': fd=12, IP=10.20.251.19 code=1
id=143 len=119 user="test" using PAP
[682] auth_tac_plus_start-Didn't find tac_plus servers (0)
[402] ldap_start-Didn't find ldap servers (0)
[460] create_auth_session-Total 1 server(s) to try
[1626] fnbamd_radius_auth_validate_pkt-RADIUS
resp code 11
[2580] fnbamd_auth_handle_radius_result-->Result
for radius svr 'Okta RADIUS' 10.20.251.19(0) is 2
[180] fnbamd_comm_send_result-Sending
result 2 (error 0) for req 1189741817
チャレンジ方式で選択されたセキュリティ上の質問
[2161] handle_req-Rcvd chal rsp for req 1189741817
[1203] fnbamd_radius_auth_send-Compose RADIUS request
[1427] fnbamd_radius_auth_send-Sent radius req to server
'Okta RADIUS': fd=12, IP=10.20.251.19
code=1 id=144 len=209 user="test" using PAP
[1626] fnbamd_radius_auth_validate_pkt-RADIUS resp code 11
[2580] fnbamd_auth_handle_radius_result-->Result for
radius svr 'Okta RADIUS' 10.20.251.19(0) is 2
[180] fnbamd_comm_send_result-Sending result 2
(error 0) for req 1189741817
セキュリティ上の質問に正しく回答した場合
[2161] handle_req-Rcvd chal rsp for req 1189741817
[1203] fnbamd_radius_auth_send-Compose RADIUS request
[1427] fnbamd_radius_auth_send-Sent radius req to server
'Okta RADIUS': fd=12, IP=10.20.251.19
code=1 id=145 len=209 user="test" using PAP
[1626] fnbamd_radius_auth_validate_pkt-RADIUS resp code 2
[2580] fnbamd_auth_handle_radius_result-->Result
for radius svr 'Okta RADIUS' 10.20.251.19(0) is 0
[2611] fnbamd_auth_handle_radius_result-Skipping
group matching
[863] find_matched_usr_grps-Skipped group matching
[180] fnbamd_comm_send_result-Sending result 0
(error 0) for req 1189741817
[602] destroy_auth_session-delete session 1189741817
[2251] handle_req-Rcvd 7 req
[301] fnbamd_acct_start_START-Error starting acct
[1288] create_acct_session-Error start acct type 7
[2265] handle_req-Error creating acct session 7
正常にサインアウトした場合
[2251] handle_req-Rcvd 8 req [359] fnbamd_acct_start_STOP-Error starting acct [1288] create_acct_session-Error start acct type 8 [2265] handle_req-Error creating acct session 8
