Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

mikebutash
New Contributor

LDAP Authentication Issues

Hi, I've been setting up a number of ftnt components against an AD instance, and I can't seem to get Authenticator to work against ldap.  I re-setup an older 5.2.0 instance to auth against my DC, and by all other measurements it works fine, but I can't import users or anything from the ldap menu.  It always comes back "query failed", which after a great deal of testing, seems to be a problem with Authenticator.  I setup my fortigate using the same setup, and it works fine for everything (vpn, fsso, admin, everything ldap), but Authenticator is still not allowing me actual user integration from the Remote Auth LDAP menus when I attempt to pull down users.

I upgraded the vm to 5.4.0 as well, same thing. It seems just broken.

Anyone else run into this with 2012 DC setups?  I'm setting up fmg, faz, and fml parts against this (ideally) too, so would like to get authenticator as a central component.  I've got a few customers interested in like setup, so would like to demo my environment with these features.

So far everything else works, but would like to leverage FAC as a central component since FAZ/FMG don't work so great with LDAP, where Radius is nice to leverage, if LDAP works as an auth/group mapping source.

Thanks in advance!

------------------------------
-mb
------------------------------
-mb
-mb
3 REPLIES 3
rmoussa
Contributor

Hi,

Can you tell me what Authenticator Model you are using ?

Regards
Rony

------------------------------
Rony Moussa
Fortinet NSE Certified: Level 8
------------------------------
Rony Moussa
Fortinet NSE Certified: Level 8
Rony MoussaFortinet NSE Certified: Level 8
mikebutash

Hi Rony, this is a KVM VM instance of FAC.

------------------------------
-mb
------------------------------
-mb
-mb
DeepKuma2
Contributor

Hi,
I am not sure what is happening in your network. Please share logs from Server and FortiGate device. As per my experience, this may issue with User rights for reading AD details.

Regards,
Deepak Kumar

------------------------------
Deepak Kumar
First Option General Trading LLC
Dubai
------------------------------
Deepak Kumar First Option General Trading LLC Dubai
Deepak Kumar First Option General Trading LLC Dubai