Skip to main content
kelvyn
kelvyn
New Member
January 24, 2019
Question

FSSO no Internet

  • January 24, 2019
  • 2 replies
  • 5069 views

Hello everyone,

I'm having a problem with user authentication and rule filtering in Fortinet. Here is my problem: After configuring the LDAP server and SSO in Fortinet, I define a group of users based on an AD group. I create a rules to filter these users, but the rules do not apply. The computers in the other VLANs are authenticated with the Fortinet IP address and not the station IP address in the SSO agent.

I saw on another post where I had to put the AD Poll and not the Fortinet SSO agent. But when I turn on AD polling my users have a Fortinet web page asking them to authenticate. Can you help me solve this problem?

 

Regards

 

2 replies

baggins
baggins
New Member
January 24, 2019

Hi Kelvyn,

 

Can you please reupload your configuration..

kelvyn
kelvynAuthor
New Member
January 24, 2019

Hi,

Here is configuration screenshot : https://imgur.com/a/2R0Wtp3

 

Regards

baggins
baggins
New Member
January 25, 2019

Hi,

 

Thnx for the screenshoots...

 

 Related to the FSSO troubleshooting you can check with this for some problems:

diag debug authd fsso server-status 
diag debug auth fsso list 
diag debug enable

 

On the other hand I had a problem with this part of the configuration:

config authentication rule
    edit "ntlm"
        set status enable
        set protocol http
        set ip-based enable
        set active-auth-method 'ntlm'
        set sso-auth-method 'fsso'
        set comments 'optional'
    next
end
config authentication scheme
    edit "ntlm"
        set method ntlm basic
        set user-database "yourAD1" "yourAD2"
    next
    edit "fsso"
        set method fsso
    next
end

config authentication setting
    set active-auth-scheme "ntlm"
    set sso-auth-scheme "fsso"
end

 

so check those two if you have it configured and what the logs are telling you.

Let me know the result so we can troubleshoot further.

 

And when you are finished with CLI don't forget to clean.. :)

diagnose debug disable
diagnose debug flow trace stop
diagnose debug flow filter clear
diagnose debug reset

 

kelvyn
kelvynAuthor
New Member
January 26, 2019

Hi,

Thanks for you reply.

When i paste command in CLI, i have an error with this command :

set active-auth-method 'ntlm' entry not found in datasource value parse error before 'ntlm' Command fail. Return code -3

 

Regards

 

 

Terms & ConditionsAccessibility statement