Need help with FortiGate authentication group users
- August 2, 2018
Hello everyone, I'm here and a beginner too.
I'm using a FortiGate 60E. I set up an LDAP server and linked it successfully to the FortiGate, and I set up group users. The problem is that the group members can't log in, while when I set the groups to any they can log in successfully. I'm using OpenLDAP. Here is my diagnose test and my OpenLDAP configuration. Thanks.
[2116] handle_req-Rcvd auth req 526552581 for admin in LDAP opt=0000001b prot=0
[352] __compose_group_list_from_req-Group 'LDAP'
[605] fnbamd_pop3_start-admin
[1001] __fnbamd_cfg_get_ldap_list_by_server-Loading LDAP server 'LDAP'
[867] resolve_ldap_FQDN-Resolved address 192.168.0.102, result 192.168.0.102
[1143] build_search_base-search base is: dc=localhost,dc=ma
[1263] fnbamd_ldap_init-search filter is: cn=admin
[489] create_auth_session-Total 1 server(s) to try
[263] start_search_dn-base:'dc=localhost,dc=ma' filter:cn=admin
[1649] fnbamd_ldap_get_result-Going to SEARCH state
[2781] auth_ldap_result-Continue pending for req 526552581
[296] get_all_dn-Found DN 1:cn=admin,dc=localhost,dc=ma
[310] get_all_dn-Found 1 DN's
[344] start_next_dn_bind-Trying DN 1:cn=admin,dc=localhost,dc=ma
[1697] fnbamd_ldap_get_result-Going to USERBIND state
[2781] auth_ldap_result-Continue pending for req 526552581
[570] start_user_attrs_lookup-Adding attr 'memberOf'
[591] start_user_attrs_lookup-base:'cn=admin,dc=localhost,dc=ma' filter:cn=*
[1753] fnbamd_ldap_get_result-Entering CHKUSERATTRS state
[2781] auth_ldap_result-Continue pending for req 526552581
[793] get_member_of_groups-Get the memberOf groups.
[820] get_member_of_groups-attr='memberOf' - found 0 values
[1785] fnbamd_ldap_get_result-Auth accepted
[1921] fnbamd_ldap_get_result-Going to DONE state res=0
[2595] fnbamd_auth_poll_ldap-Result for ldap svr 192.168.0.102 is SUCCESS
[2615] fnbamd_auth_poll_ldap-Skipping group matching
[895] find_matched_usr_grps-Skipped group matching
[182] fnbamd_comm_send_result-Sending result 0 (error 0, nid 0) for req 526552581
[634] destroy_auth_session-delete session 526552581
authenticate 'admin' against 'LDAP' succeeded!
FortiGate-VM64-KVM # diagnose test authserver ldap LDAP admin123 123456
[2116] handle_req-Rcvd auth req 526552582 for admin123 in LDAP opt=0000001b prot=0
[352] __compose_group_list_from_req-Group 'LDAP'
[605] fnbamd_pop3_start-admin123
[1001] __fnbamd_cfg_get_ldap_list_by_server-Loading LDAP server 'LDAP'
[867] resolve_ldap_FQDN-Resolved address 192.168.0.102, result 192.168.0.102
[1143] build_search_base-search base is: dc=localhost,dc=ma
[1263] fnbamd_ldap_init-search filter is: cn=admin123
[489] create_auth_session-Total 1 server(s) to try
[263] start_search_dn-base:'dc=localhost,dc=ma' filter:cn=admin123
[1649] fnbamd_ldap_get_result-Going to SEARCH state
[2781] auth_ldap_result-Continue pending for req 526552582
[296] get_all_dn-Found DN 1:cn=admin123,cn=Administrateur,ou=groups,dc=localhost,dc=ma
[310] get_all_dn-Found 1 DN's
[344] start_next_dn_bind-Trying DN 1:cn=admin123,cn=Administrateur,ou=groups,dc=localhost,dc=ma
[1697] fnbamd_ldap_get_result-Going to USERBIND state
[2781] auth_ldap_result-Continue pending for req 526552582
[570] start_user_attrs_lookup-Adding attr 'memberOf'
[591] start_user_attrs_lookup-base:'cn=admin123,cn=Administrateur,ou=groups,dc=localhost,dc=ma' filter:cn=*
[1753] fnbamd_ldap_get_result-Entering CHKUSERATTRS state
[2781] auth_ldap_result-Continue pending for req 526552582
[793] get_member_of_groups-Get the memberOf groups.
[820] get_member_of_groups-attr='memberOf' - found 0 values
[1785] fnbamd_ldap_get_result-Auth accepted
[1921] fnbamd_ldap_get_result-Going to DONE state res=0
[2595] fnbamd_auth_poll_ldap-Result for ldap svr 192.168.0.102 is SUCCESS
[2615] fnbamd_auth_poll_ldap-Skipping group matching
[895] find_matched_usr_grps-Skipped group matching
[182] fnbamd_comm_send_result-Sending result 0 (error 0, nid 0) for req 526552582
[634] destroy_auth_session-delete session 526552582
authenticate 'admin123' against 'LDAP' succeeded!
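
A small parser for the `diagnose test authserver ldap` debug output above, added here as an example (not part of the original post and not Fortinet code). It summarizes, per request, the DN that was bound, how many values the group attribute returned, and whether group matching was skipped; the summary field names are this example's own.

```python
import re

# Excerpt of the fnbamd debug output quoted in the post above (second test run).
SAMPLE = """\
[2116] handle_req-Rcvd auth req 526552582 for admin123 in LDAP opt=0000001b prot=0
[344] start_next_dn_bind-Trying DN 1:cn=admin123,cn=Administrateur,ou=groups,dc=localhost,dc=ma
[570] start_user_attrs_lookup-Adding attr 'memberOf'
[820] get_member_of_groups-attr='memberOf' - found 0 values
[2615] fnbamd_auth_poll_ldap-Skipping group matching
[182] fnbamd_comm_send_result-Sending result 0 (error 0, nid 0) for req 526552582
"""

PATTERNS = {
    "start": re.compile(r"handle_req-Rcvd auth req (\d+) for (\S+) in (\S+)"),
    "dn": re.compile(r"start_next_dn_bind-Trying DN \d+:(.+)$"),
    "attr": re.compile(r"get_member_of_groups-attr='([^']+)' - found (\d+) values"),
    "skip": re.compile(r"fnbamd_auth_poll_ldap-Skipping group matching"),
    "result": re.compile(r"fnbamd_comm_send_result-Sending result (\d+) .* for req (\d+)"),
}

def summarize(log_text):
    """Return one dict per auth request found in fnbamd LDAP debug output."""
    requests, cur = [], None
    for line in log_text.splitlines():
        if m := PATTERNS["start"].search(line):
            cur = {"req": m[1], "user": m[2], "server": m[3], "dn": None,
                   "group_attr": None, "group_values": None,
                   "group_matching_skipped": False, "result": None}
            requests.append(cur)
        elif cur is None:
            continue  # ignore lines before the first request header
        elif m := PATTERNS["dn"].search(line):
            cur["dn"] = m[1]
        elif m := PATTERNS["attr"].search(line):
            cur["group_attr"], cur["group_values"] = m[1], int(m[2])
        elif PATTERNS["skip"].search(line):
            cur["group_matching_skipped"] = True
        elif m := PATTERNS["result"].search(line):
            cur["result"] = int(m[1])
    return requests

if __name__ == "__main__":
    for r in summarize(SAMPLE):
        print(r)
```

On the output in the post, both requests report zero `memberOf` values and skipped group matching even though the bind itself succeeds.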