AlastairHill
New Member
March 22, 2017
Question

FortiClient with Active Directory Integration

Hi all,

 

I have done a write-up on integrating FortiClient with Active Directory. Could you please read and give any suggestions on improvements?

 

http://www.alastairhill.c...tegration-fortios-5-4/

 

Regards,

Alastair

    4 replies

    YvesCa
    New Member
    March 22, 2017

    Hi Alastair

    I did not read everything, but one thing is very important.

    You must download the version of FortiClient compatible with your FortiOS version and not the most recent.

     

    Regards

    Yves

    lmccuistian
    New Member
    March 22, 2017

    Looks good overall, but it may be worth mentioning/reminding people they must create the appropriate policies to ensure users of the VPN can access the network resources they need to access.

    Toshi_Esumi
    SuperUser
    March 22, 2017

    Please always have the FortiOS version your article is based on. Even 5.4 could be obsolete a year from now.

    emnoc
    New Member
    March 23, 2017

    Looks to come concerning FortiClient version, the release notes really should be read. Also, behavior between Windows 7 and Windows 8 could be very different than Mac OS X.

    And the same holds true with IPsec vs. SSL.

     

    Since this thread is about AD integration, you should mention ldapsearch and a few diagnostic commands if it fails.

    e.g.

  • checking LDAP:// vs. LDAPS://
  • search baseDN
  • authentication failure
  • etc.

     

    AlastairHill
    New Member
    March 23, 2017

    Thank you for your suggestions.

     

    I have added the version to the post and in the future will do a post on troubleshooting, linking it to the present post.

     

    Thanks again,

    Alastair

    simple1689
    New Member
    March 23, 2017

    AlastairHill wrote:

    Hi all,

     

    I have done a write-up on integrating FortiClient with Active Directory. Could you please read and give any suggestions on improvements?

     

    https://forti-blog.000webhostapp.com/index.php/2017/03/22/forticlient-with-active-directory-integration/

     

    Regards,

    Alastair

     

    Funny stuff, I just did the SSL VPN setup for Active Directory authentication. The one issue I am having is... when adding my Domain Users into the AD Security Group, the new users cannot access. If I create test AD accounts and add them to the Group, I can authenticate through the VPN no problem. I have a feeling my users are still logged in and are not receiving the proper Security permissions, but I am still trying to narrow down on this.

     

    Found the issue to be related to the Common Name Identifier. If using CN or left blank, it would use the Display Name to authenticate. Swapped to sAMAccountName and now can authenticate as the pre-2k login.
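
The identifier mismatch described in the last reply, as an added example that is not part of the thread or of any Fortinet tooling: a small offline model of how the configured identifier attribute decides which directory entry a typed login name matches. The directory entries, group DN and function names are constructed for illustration, and the test account whose CN equals its logon name is an assumption, not something the thread states.

```python
# Constructed sample entries; names, OUs and the group DN are illustrative.
VPN_GROUP = "CN=VPN-Users,OU=Groups,DC=example,DC=com"
DIRECTORY = [
    {"dn": "CN=John Smith,OU=Staff,DC=example,DC=com",
     "cn": "John Smith", "sAMAccountName": "jsmith", "memberOf": [VPN_GROUP]},
    # Assumed test account created with the same value for name and logon name.
    {"dn": "CN=vpntest,OU=Staff,DC=example,DC=com",
     "cn": "vpntest", "sAMAccountName": "vpntest", "memberOf": [VPN_GROUP]},
]


def escape_filter_value(value):
    """Escape RFC 4515 filter metacharacters in the typed login name."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_filter(identifier, login):
    """Search filter built from the identifier attribute; blank means cn."""
    return "(%s=%s)" % (identifier or "cn", escape_filter_value(login))


def find_entry(identifier, login, directory=DIRECTORY):
    """Return the entry whose identifier attribute equals the login, or None."""
    attr = identifier or "cn"
    for entry in directory:
        # Both attributes are matched case-insensitively in AD.
        if entry.get(attr, "").lower() == login.lower():
            return entry
    return None


def check_login(identifier, login):
    """Return (filter, matched DN or None, in VPN group?) for one attempt."""
    entry = find_entry(identifier, login)
    allowed = entry is not None and VPN_GROUP in entry["memberOf"]
    return build_filter(identifier, login), entry and entry["dn"], allowed


if __name__ == "__main__":
    for ident, login in [("cn", "jsmith"), ("", "jsmith"),
                         ("sAMAccountName", "jsmith"), ("cn", "vpntest")]:
        print(repr(ident), login, check_login(ident, login))
```

The filter string returned by `check_login` is the same one to try by hand with ldapsearch against the base DN when a group member cannot authenticate.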