Skip to main content
ecalderon
ecalderon
New Member
December 19, 2018
Question

FSSO Polling Not Working

  • December 19, 2018
  • 2 replies
  • 10385 views

Hello, 

I'm configuring a FGT with FSSO in polling mode without agent for a small network.  I'm having some issues. I don't see any FSSO users but the Active Directory connector is up.

And see the following output from the comand "diag debug application fsso 255" 

[fsso_ldap_session_state:73] ldap session state transit from init->user for user karina. [fsso_ldap_session_state:73] ldap session state transit from user->done for user karina. [event_add_logon_info:352] eid=4776, logon=[Administrador], ipaddr=[], station=[name], domain=[], clt_workstation=, port=0, tm=1545257899 [event_add_logon_info:352] eid=4776, logon=[katherine], ipaddr=[], station=[\\IBR], domain=[], clt_workstation=, port=0, tm=1545257918 [event_add_logon_info:374] no domain from 192.168.2.215 [event_add_logon_info:352] eid=4776, logon=[importaciones], ipaddr=[], station=[ECS], domain=[], clt_workstation=, port=0, tm=1545257912 [event_add_logon_info:374] no domain from 192.168.2.215

 

Any ideas of what might be the problem? 

 

 

    2 replies

    xsilver_FTNT
    Staff
    xsilver_FTNT
    Staff
    December 20, 2018

    Is the workstation logged into the domain ?

    ecalderon
    ecalderonAuthor
    New Member
    December 20, 2018

    Hello Tomas,

    Yes, the workstation is logged into the domain. I see the same message for every logon event in the network.  The Domain Controller is IP address .215. I guess for some reason I'm not getting the Domain from the Controller so FGT cannot solve de Computers name to an IP Address and I don't see any logon as a result:

    # diag debug auth fsso list ----FSSO logons---- Total number of logons listed: 0, filtered: 0 ----end of FSSO logons----

     

    # diag debug authd fsso server-status # Server Name                          Connection Status     Version               Address -----------                          -----------------     -------               ------- Local FSSO Agent                     connected             FSAE server 1.1       127.0.0.1 Server Name                          Connection Status     Version               Address

     

     

    ecalderon
    ecalderonAuthor
    New Member
    December 20, 2018

    ** Update

    Checking on the   fsso-polling detail I see the messge LDAP query fail 

     

     

    diag debug fsso-polling detail

    AD Server Status(connected): ID=1, name(192.168.1.215),ip=192.168.1.215,source(security),users(0) port=auto username=Administrador read log eof=1, latest logon timestamp: Thu Dec 20 16:20:57 2018

    polling frequency: every 10 second(s) success(17456), fail(0) LDAP query: success(0), fail(1821) LDAP max group query period(seconds): 1 LDAP status: connected

    JuniorP93
    JuniorP93
    New Member
    June 6, 2019
    Bonjour tout le monde j'ai un fgt 501E j'ai configuré le fsso, le LDAP fonctionne correctement , FSSO reconnait les utilisateurs, leurs groupes ainsi, que le domaine au quel ils appartiennent. Seulement lorsque j'active une politique d'authentification , les différents users créés n'arrivent plus à communiquer ni avec le fgt ni avec les autres utilisateurs
    Terms & ConditionsAccessibility statement