Arzkaz
Visitor III
December 10, 2025
Question

Fortinac-F and multiple domains


Hi!

I assume that FortiNAC supports multiple AD directories.

I have connected NAC to two separate AD domains (directories).

Let's say (for example):

Domain 1 is "domain1.local"

Domain 2 is "something.domain2.local"

Authentication is done with EAP (TLS) host certificates, so hosts are for example:

host1.domain1.local

and

host2.something.domain2.local

dNSHostName is used as the identifier, because we use only machine certificates.

Directories are synced normally and groups can be selected from Directory settings.

It seems that FortiNAC can search LDAP data only for domain1.local (group membership etc.).

BUT for domain something.domain2.local LDAP queries don't work.

(getLdapHost(), found ldapHost: false )

Is there a limitation that only domains with 2 parts work?

so:

a.b domain works, but c.d.e not, because it has three parts?

BR, A

1 reply

ebilcari
Staff
December 10, 2025

It shouldn't be a limitation. Have you configured both directories with their respective domains in the 'Domain Name' field?

The details for handling multiple directories are shown in this section of the Administration guide.

Emirjon
Arzkaz
Author
Visitor III
December 10, 2025

Yes, it's correctly configured, just like it's told in your linked section.

ebilcari
Staff
December 10, 2025

What is the firmware version of FNAC? How is the domain configured for the secondary domain?
You can try setting only the base domain for the second domain and enable “Perform Lookup On Referral” as shown in this article: Technical Tip: Unable to search subdomains in directory

Emirjon