Technical Tip: Configuring a Poll Active Directory Server as an external connector
Description
This article describes how to configure a Poll Active Directory Server as an external connector in FortiGate with FortiManager.
Scope
FortiManager, FortiGate.
Solution
1) Go to Policy & Objects -> Object Configurations -> User & Authentication -> LDAP Servers.
2) Create a new LDAP server.
3) Go to Fabric View -> Connectors, select Create New, then select Poll Active Directory Server.
4) Enter the server IP address, user name, and LDAP server. FortiManager will display the information retrieved from the AD server once the LDAP server has been selected.
4) Enter the server IP address, user name, and LDAP server. FortiManager will display the information retrieved from the AD server once the LDAP server has been selected.
5) Select the correct group and select '+ Add Selected'. On the Selected tab, the list will show the selected group.
6) Go to Policy & Objects -> Object Configurations -> User & Authentication -> User Groups and select '+ Create New'.
7) Insert the group name and select FSSO/SSO Connectors as the type. On Members, select Click here to select and the selected AD group will become visible. Select the group.
7) Insert the group name and select FSSO/SSO Connectors as the type. On Members, select Click here to select and the selected AD group will become visible. Select the group.
8) It is now possible to add the user group in firewall policies.
9) Install the policy package and device settings with the Install Wizard.
The configuration will have been installed to FortiGate successfully:
The configuration will have been installed to FortiGate successfully:
Troubleshooting
The following diagnostic commands can be used for live debugging while reproducing the logon issue:
# diag debug application fnbam 255 <- Up to version 6.4.2
# diag debug application auth 255 -> From version 6.4.3