SoAol
New Member
July 25, 2023
Solved

LDAP group user explicit proxy

  • July 25, 2023
  • 1 reply
  • 1259 views

Hello everyone!

I have a weird bug with the explicit proxy.

 

All users (with the exception of 2) get only the domain users group,


while a test in the CLI shows 2 groups for the user:

 

FortiGate-201F_Backup # diagnose test authserver ldap ldap-kerberos testuser testpass
authenticate 'testuser' against 'ldap-kerberos' succeeded!
Group membership(s) - CN=PC,OU=Permissions,OU=Groups,OU=AEG,DC=domain,DC=local
CN=Domainusers,OU=Permissions,OU=Groups,OU=AEG,DC=Domain,dc=local

 

 

So this user only gets one group shown in "Assets & Identities - Firewall Users",

and so the firewall rule does not work correctly, as it shows only 1 group, "domainuser".

And the main weird thing is that

there are 2 users in the domain for whom the FortiGate correctly displays "2 or 3 or 4, whatever" groups in "Assets & Identities - Firewall Users", and the firewall policy works correctly for them.

 


 

Best answer by SoAol


1 reply

SoAol (Author, marked as Answer)
New Member
July 26, 2023

Update: found the solution.

After searching for 3 days: the LDAPS user connected to the FortiGate and the HTTP/keytab user. I gave him domain admin rights and now everything is working fine.

Active Directory - fortigate user - member of domain users / journal reader / domain admin
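When the CLI test returns more groups than the GUI applies to the policy, the first thing to rule out is that the group DNs referenced by the policy do not match what the server returns (the post's own CLI output already mixes `DC=domain,DC=local` and `DC=Domain,dc=local`). The script below is an added example written for this thread, not code from the poster or from Fortinet: it parses the pasted `diagnose test authserver ldap` output (re-joining the DN that the forum wrapped across two lines), normalizes the DNs so that case and spacing differences compare equal, and lists the policy groups the user does not hold. `POLICY_GROUPS` is a constructed list; the thread does not name the policy's groups.

```python
"""Compare the groups a FortiGate LDAP test reports against the groups a
firewall policy expects. Added example for this thread, not Fortinet tooling."""
import re
from typing import List

# The `diagnose test authserver ldap` output pasted in the question. The first
# group DN arrived wrapped across two lines, which parse_groups() re-joins.
SAMPLE_OUTPUT = """authenticate 'testuser' against 'ldap-kerberos' succeeded!
Group membership(s) - CN=PC,OU=Permissions,OU=Groups,

OU=AEG,DC=domain,DC=local
CN=Domainusers,OU=Permissions,OU=Groups,OU=AEG,DC=Domain,dc=local
"""

# Group DNs a firewall policy is assumed to reference (constructed for this
# example; the thread does not list them). The case differences are deliberate,
# and the third group is one the test user does not hold.
POLICY_GROUPS = [
    "cn=pc,ou=Permissions,ou=Groups,ou=AEG,dc=domain,dc=local",
    "CN=DomainUsers,OU=Permissions,OU=Groups,OU=AEG,DC=domain,DC=local",
    "CN=Finance,OU=Permissions,OU=Groups,OU=AEG,DC=domain,DC=local",
]


def normalize_dn(dn: str) -> str:
    """Canonicalise a DN so 'DC=Domain,dc=local' and 'dc=domain,dc=local' match.

    Attribute types are case-insensitive (RFC 4514) and Active Directory matches
    CN/OU/DC values case-insensitively as well, so both sides are lower-cased
    and whitespace around '=' and ',' is dropped. An escaped comma inside a
    value is not treated as an RDN separator.
    """
    rdns = re.split(r"(?<!\\),", dn)
    parts = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(parts)


def parse_groups(output: str) -> List[str]:
    """Return the group DNs listed after 'Group membership(s) -'.

    A DN that ends in ',' is incomplete and continues on the next non-empty
    line; any other non-empty line starts a new DN.
    """
    groups: List[str] = []
    buf = ""
    collecting = False
    for raw in output.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Group membership(s)"):
            collecting = True
            line = line.split("-", 1)[1].strip()
        if not collecting:
            continue  # skip the 'authenticate ... succeeded!' banner
        if buf.endswith(","):
            buf += line  # continuation of a DN wrapped by the forum
        else:
            if buf:
                groups.append(buf)
            buf = line
    if buf:
        groups.append(buf)
    return groups


def missing_groups(reported: List[str], expected: List[str]) -> List[str]:
    """Policy groups the LDAP server did not report for the user."""
    have = {normalize_dn(g) for g in reported}
    return [g for g in expected if normalize_dn(g) not in have]


if __name__ == "__main__":
    found = parse_groups(SAMPLE_OUTPUT)
    print("groups reported by the test command:")
    for g in found:
        print("  ", g)
    for g in missing_groups(found, POLICY_GROUPS):
        print("policy group not held by the user:", g)
```

Run it against the output of your own test command to see whether the gap is a DN mismatch or genuinely missing membership data. On the accepted fix: reading a user's group membership over LDAP normally needs only read access to the user and group objects, so a bind account that is in Domain Admins has far more privilege than that lookup requires; checking with a test like the one above before widening the account's rights keeps the proxy's bind credential least-privileged.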