Migrate local RADIUS users to remote LDAP with tokens?

Forum|Forum|9 years ago
March 9, 2017
1 reply
4763 views

We have ~100 users with FortiMobile tokens, and in FAC they are setup as local RADIUS users, and dual-factor authenticate against a RADIUS/LDAP server (Microsoft NPS). We did it this way because at the time FAC did not support multiple LDAP domains, but it does now.

I would like to migrate these users to be LDAP authenticated directly against AD domain controllers, added to FAC groups automatically based on the LDAP filter (Remote User Sync Rules).

Is there a way to migrate them without having to re-issue their tokens, which would force them to re-install the token on their smartphone?

I don't see how, since it basically means deleting one account, and re-creating it as a different type. Just hoping there is migrate function I haven't seen.

cbabfat

Visitor III

We did the same thing and now have over 500 users "stuck" in radius. Hoping for a solution to migrate that I don't ever expect to come.

ergotheregoAuthor

New Member

I never found a way to do this automatically, so I ended up having to manually re-assign tokens to users' remote LDAP accounts.

I haven't checked the API documentation for FAC yet, but that may be an option on the server-side.

Users will still have to install the new token which is the biggest hassle of this.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded