dontmindme
Explorer
November 17, 2021
Solved

Local user authentication. Captive portal alternative?


Scenario: Small office with users and no AD-Domain.

Is it possible to have a local agent installed (FortiClient? Anything else?) on each computer, logged in with a username/password, and have that information sent to the FortiGate when accessing rules etc. instead of manually having to log on/into the captive portal every day?

 

The end goal is to enter the username/password once on each computer and identify the users automatically.

Any input appreciated!

 

Best answer by aahmadzada


2 replies

Troubleshooter_73
Explorer
November 17, 2021

So from your description I would assume you have to integrate any authentication source, like FortiAuthenticator, LDAP, AD or RADIUS with NPS and/or a Certification Authority for cert-based authentication. Maybe, if the customer is using an AzureAD for its O365 services, the SAML Auth feature may be a solution...?

aahmadzada
Staff
November 18, 2021

Hi @dontmindme,

 

In case you do not have a centralized solution for user authentication, I'm afraid there is not much that can be done to fulfill your requirement.
The easiest way of doing this would be to:
1. Deploy AD and join all PCs to the domain.

2. Configure local FSSO poller on the FortiGate.

3. Use the FSSO groups in the appropriate policies.

As a result, the user logged in to his PC will generate a logon event on the AD.

That logon event will be polled by a local FSSO poller and the logon event for that user will be generated on the FortiGate.

Regards,

 

 

 

dontmindme
Explorer
November 19, 2021

OK, it seems that this is not a workable solution then. The computers are stand-alone and I was looking for a solution to authenticate the users in another way than captive portal. Setting up an AD for the purpose and joining computers is an overkill solution to a simple local setup.

 

Sadly accepting this as a solution.

Thank you!