Access a Windows Share via SSO Policy

Hello everyone,

I have an issue with a Fortigate access policy.

Our environment:

FortiGate 1000C v5.2.10

Fortinet SSO Terminal Server Agent 5.0.254.0

Windows Terminal Server 2008 Datacenter Edition

Windows Fileserver Server 2003 R2

We are working with this SSO constellation for Webfiltering / Internetaccess and it works fine.

The Agent identifys the user and I can use the Fortigate AD Connector SSO groups for our policies, to access the Internet or other webportals from any internal machines. So far so good.

We have a special older Fileserver in another Networksegment and want to grant SMB access to this Server via our SSO Groups / Policies.

I defined an acces rule

Network A, can access the Fileserver in Network B.

Users: SSO User group A

Protocol: Any

As a member of SSO User group A, I can access the Fileservers webpage via http/https. I can connect to the Server via RDP. But I cannot acces the Servers Fileshares. No authentication window pops up.

If I modify the access rule and delete the users group entry.

Everything works as intended and I can access the fileshare of the fileserver.

Can anyone imagine, why this access do not work with a SSO group in the rule?

Could it be, that the SSO credentials are directly being used to auth. with the fileserver? (That older Fileserver is not a domain member)

Thanks a lot

Carol