student1363
New Member
January 15, 2018
Question

VPN Authentication with Active Directory

  • January 15, 2018
  • 3 replies
  • 8075 views

Hi,


I have created some groups in "User Groups" and used "remote groups" in active directory to map a group to them.

Now, when I create a VPN (L2TP or PPTP) I cannot log in with an Active Directory user, but it works with local users. (I don't use FSSO.)


Thanks

    3 replies

    robdog
    New Member
    January 15, 2018

    Do this to see where the auth is failing


    diagnose debug enable

    diagnose debug application fnbamd 255


    Then check the authentication


    diagnose test authserver ldap LDAP-server username password


    to stop debug


    diagnose debug application fnbamd 0

    diagnose debug reset

    diagnose debug disable


    If you are able to authenticate against LDAP successfully, then debug the VPN auth process:


    diagnose debug reset

    diagnose debug app ike -1

    diagnose debug app fnb -1

    diagnose debug enable

    Test a login, then use these commands to disable and reset the debug:

    diagnose debug disable

    diagnose debug reset

    robdog
    New Member
    January 15, 2018

    Could you show me the configuration please, and the syntax of the auth command you entered?

    student1363
    New Member
    January 15, 2018

    Thanks for your handy commands. Here is the output, and interestingly it seems that the FG doesn't use LDAP as the authentication server!

    [1943] handle_req-Rcvd auth req 67546375 for EeSadegh in Admins opt=00000000 prot=4
    [345] __compose_group_list_from_req-Group 'Admins'
    [608] fnbamd_pop3_start-EeSadegh
    [304] radius_start-Didn't find radius servers (0)
    [682] auth_tac_plus_start-Didn't find tac_plus servers (0)
    [452] create_auth_session-Error starting authentication
    [1962] handle_req-Error creating session
    [180] fnbamd_comm_send_result-Sending result 3 (error 0) for req 67546375

    I did the configuration based on the Fortinet guide, what did I miss?
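As an added example (not code from the thread), the following Python script parses the fnbamd debug output posted above and reports which backends fnbamd actually tried, which ones had no server configured, and the final result code; matching a backend by a keyword inside the `*_start` routine name is an assumption beyond the three routines visible in the output.

```python
import re

# Constructed sample: the fnbamd debug output pasted in the thread, one record per line.
SAMPLE = """\
[1943] handle_req-Rcvd auth req 67546375 for EeSadegh in Admins opt=00000000 prot=4
[345] __compose_group_list_from_req-Group 'Admins'
[608] fnbamd_pop3_start-EeSadegh
[304] radius_start-Didn't find radius servers (0)
[682] auth_tac_plus_start-Didn't find tac_plus servers (0)
[452] create_auth_session-Error starting authentication
[1962] handle_req-Error creating session
[180] fnbamd_comm_send_result-Sending result 3 (error 0) for req 67546375
"""

RECORD = re.compile(r"\[(\d+)\]\s+(\w+)-(.*)")
# Keyword in the fnbamd start routine -> backend name. radius_start, auth_tac_plus_start
# and fnbamd_pop3_start are on the page; that an LDAP attempt contains "ldap" is assumed.
BACKENDS = (("ldap", "LDAP"), ("radius", "RADIUS"), ("tac_plus", "TACACS+"), ("pop3", "POP3"))

def parse_fnbamd(text):
    """Return [(func, msg), ...] for every '[n] func-msg' record; other lines are ignored."""
    recs = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            recs.append((m.group(2), m.group(3)))
    return recs

def summarize(recs):
    """Extract user/group, backends tried, backends with no server, and the result code."""
    s = {"user": None, "group": None, "tried": [], "no_server": [], "result": None}
    for func, msg in recs:
        m = re.search(r"auth req \d+ for (\S+) in (\S+)", msg)
        if m:
            s["user"], s["group"] = m.group(1), m.group(2)
        for key, name in BACKENDS:
            if key in func and func.endswith("_start"):
                s["tried"].append(name)
                if "Didn't find" in msg:          # backend consulted but no server defined
                    s["no_server"].append(name)
        m = re.search(r"Sending result (\d+)", msg)
        if m:
            s["result"] = int(m.group(1))
    return s

def finding(s):
    """One-line reading of the summary: did the request ever reach LDAP?"""
    if s["result"] == 0:
        return "authentication succeeded"
    if "LDAP" not in s["tried"]:
        return (f"group {s['group']!r} never reached LDAP: fnbamd tried "
                f"{', '.join(s['tried'])} only, with no server configured for "
                f"{', '.join(s['no_server'])}; check that this group has an LDAP remote server bound")
    return f"LDAP was tried but the request ended with result {s['result']}"
```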

    student1363
    New Member
    January 15, 2018

    I used the wizard for configuration (Custom).

    First I created the group "Admins" as in the picture I have attached. Next, I entered the commands below:

    Config vpn L2TP
        set sip 192.168.10.1
        set eip 192.168.10.101
        set status enable
        set usrgrp L2TP_users
    end

    Then, through the wizard I set up an IPsec tunnel. In the tunnel configuration "XAuth" is disabled.