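Troubleshoot the app integration
You can use the Fortinet command line interface (CLI) to debug issues.
Attempt to authenticate from the console and view the messages
An authentication attempt was made and failed.
Run the following commands from the CLI console:
# diag debug application fnbamd 7
# diag debug enable
Examples of failed results
Bad user or bad credentials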
[1943] handle_req-Rcvd auth req 1189741811 for baduser in Okta Radius Group opt=00000500 prot=10
[608] fnbamd_pop3_start-baduser
[539] __fnbamd_cfg_get_radius_list_by_group-Loading RADIUS server 'Okta RADIUS' for usergroup 'Okta Radius Group' (3)
[314] radius_start-Opened radius socket 12
[1203] fnbamd_radius_auth_send-Compose RADIUS request
[1427] fnbamd_radius_auth_send-Sent radius req to server 'Okta RADIUS': fd=12, IP=10.20.251.19 code=1 id=135 len=122 user="baduser" using PAP
[682] auth_tac_plus_start-Didn't find tac_plus servers (0)
[402] ldap_start-Didn't find ldap servers (0)
[460] create_auth_session-Total 1 server(s) to try
[1626] fnbamd_radius_auth_validate_pkt-RADIUS resp code 3
[2580] fnbamd_auth_handle_radius_result-->Result for radius svr 'Okta RADIUS' 10.20.251.19(0) is 1
[180] fnbamd_comm_send_result-Sending result 1 (error 0) for req 1189741811
[602] destroy_auth_session-delete session 1189741811
[1943] handle_req-Rcvd auth req 1189741812 for baduser in Special1 opt=00000500 prot=10
[608] fnbamd_pop3_start-baduser
[304] radius_start-Didn't find radius servers (0)
[682] auth_tac_plus_start-Didn't find tac_plus servers (0)
[402] ldap_start-Didn't find ldap servers (0)
[452] create_auth_session-Error starting authentication
[1962] handle_req-Error creating session
[180] fnbamd_comm_send_result-Sending result 3 (error 0) for req 1189741812
Examples of successful results
Good credentials entered, challenge received
[1943] handle_req-Rcvd auth req 1189741817 for test in Okta Radius Group opt=00000500 prot=10
[608] fnbamd_pop3_start-test
[539] __fnbamd_cfg_get_radius_list_by_group-Loading RADIUS server 'Okta RADIUS' for usergroup 'Okta Radius Group' (3)
[314] radius_start-Opened radius socket 12
[1203] fnbamd_radius_auth_send-Compose RADIUS request
[1427] fnbamd_radius_auth_send-Sent radius req to server 'Okta RADIUS': fd=12, IP=10.20.251.19 code=1 id=143 len=119 user="test" using PAP
[682] auth_tac_plus_start-Didn't find tac_plus servers (0)
[402] ldap_start-Didn't find ldap servers (0)
[460] create_auth_session-Total 1 server(s) to try
[1626] fnbamd_radius_auth_validate_pkt-RADIUS resp code 11
[2580] fnbamd_auth_handle_radius_result-->Result for radius svr 'Okta RADIUS' 10.20.251.19(0) is 2
[180] fnbamd_comm_send_result-Sending result 2 (error 0) for req 1189741817
Security question chosen as the challenge method
[2161] handle_req-Rcvd chal rsp for req 1189741817
[1203] fnbamd_radius_auth_send-Compose RADIUS request
[1427] fnbamd_radius_auth_send-Sent radius req to server 'Okta RADIUS': fd=12, IP=10.20.251.19 code=1 id=144 len=209 user="test" using PAP
[1626] fnbamd_radius_auth_validate_pkt-RADIUS resp code 11
[2580] fnbamd_auth_handle_radius_result-->Result for radius svr 'Okta RADIUS' 10.20.251.19(0) is 2
[180] fnbamd_comm_send_result-Sending result 2 (error 0) for req 1189741817
Security question answered correctly
[2161] handle_req-Rcvd chal rsp for req 1189741817
[1203] fnbamd_radius_auth_send-Compose RADIUS request
[1427] fnbamd_radius_auth_send-Sent radius req to server 'Okta RADIUS': fd=12, IP=10.20.251.19 code=1 id=145 len=209 user="test" using PAP
[1626] fnbamd_radius_auth_validate_pkt-RADIUS resp code 2
[2580] fnbamd_auth_handle_radius_result-->Result for radius svr 'Okta RADIUS' 10.20.251.19(0) is 0
[2611] fnbamd_auth_handle_radius_result-Skipping group matching
[863] find_matched_usr_grps-Skipped group matching
[180] fnbamd_comm_send_result-Sending result 0 (error 0) for req 1189741817
[602] destroy_auth_session-delete session 1189741817
[2251] handle_req-Rcvd 7 req
[301] fnbamd_acct_start_START-Error starting acct
[1288] create_acct_session-Error start acct type 7
[2265] handle_req-Error creating acct session 7
Successful sign-out
[2251] handle_req-Rcvd 8 req
[359] fnbamd_acct_start_STOP-Error starting acct
[1288] create_acct_session-Error start acct type 8
[2265] handle_req-Error creating acct session 8
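To read long fnbamd debug captures like the samples above more quickly, the following added example (not part of the original page and not Fortinet or Okta code) reduces the output to one summary per authentication request. The RADIUS code names come from RFC 2865; the meanings given to the fnbamd result values 0 to 3 are an assumption inferred from the samples on this page, and the function and variable names are hypothetical.

```python
import re

# RADIUS packet type codes (RFC 2865).
RADIUS_CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
# fnbamd result values: meanings inferred from the samples on this page (assumption).
RESULTS = {0: "success", 1: "denied", 2: "challenge", 3: "error"}
ENTRY = re.compile(r"\[\d+\]\s.*?(?=\s*\[\d+\]\s|\Z)", re.S)  # one "[nnn] func-msg" entry
NEW_REQ = re.compile(r"Rcvd auth req (\d+) for (\S+) in (.+?) opt=")
RADIUS_RESP = re.compile(r"RADIUS resp code (\d+)")
RESULT = re.compile(r"Sending result (\d+) \(error \d+\) for req (\d+)")

def summarize(debug_text):
    """Map request id -> user, group and steps; a step is (RADIUS reply, fnbamd result)."""
    # The RADIUS reply line carries no request id, so pair it with the next result line.
    requests, last_radius = {}, None
    for entry in ENTRY.findall(debug_text):
        if m := NEW_REQ.search(entry):
            requests[m.group(1)] = {"user": m.group(2), "group": m.group(3), "steps": []}
        elif m := RADIUS_RESP.search(entry):
            last_radius = RADIUS_CODES.get(int(m.group(1)), "code " + m.group(1))
        elif m := RESULT.search(entry):
            req = requests.setdefault(m.group(2), {"user": None, "group": None, "steps": []})
            name = RESULTS.get(int(m.group(1)), "result " + m.group(1))
            req["steps"].append((last_radius, name))
            last_radius = None
    return requests

# Constructed sample: abridged from the output on this page and run together as a console paste often is.
SAMPLE = (
    "[1943] handle_req-Rcvd auth req 1189741811 for baduser in Okta Radius Group opt=00000500 prot=10 "
    "[1626] fnbamd_radius_auth_validate_pkt-RADIUS resp code 3 "
    "[180] fnbamd_comm_send_result-Sending result 1 (error 0) for req 1189741811 "
    "[1943] handle_req-Rcvd auth req 1189741812 for baduser in Special1 opt=00000500 prot=10 "
    "[452] create_auth_session-Error starting authentication "
    "[180] fnbamd_comm_send_result-Sending result 3 (error 0) for req 1189741812 "
    "[1943] handle_req-Rcvd auth req 1189741817 for test in Okta Radius Group opt=00000500 prot=10 "
    "[1626] fnbamd_radius_auth_validate_pkt-RADIUS resp code 11 "
    "[180] fnbamd_comm_send_result-Sending result 2 (error 0) for req 1189741817 "
    "[2161] handle_req-Rcvd chal rsp for req 1189741817 "
    "[1626] fnbamd_radius_auth_validate_pkt-RADIUS resp code 2 "
    "[180] fnbamd_comm_send_result-Sending result 0 (error 0) for req 1189741817\n"
)

if __name__ == "__main__":
    for req_id, info in summarize(SAMPLE).items():
        print(req_id, info["user"], info["group"], info["steps"])
```

A step whose RADIUS reply is None, as for request 1189741812, means fnbamd returned a result without ever receiving a RADIUS response, which in the sample corresponds to a user group with no RADIUS server attached.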
Capture packets
Administrators need to capture packets.