FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
lmarinovic
Staff
Staff
Article Id 195891

Description


This article describes how to enable active Directory domain authentication on FortiAuthenticator and then, how to monitor it.

Solution

 

  1. Settings.

After create New LDAP remote server on FortiAuthenticator, edit LDAP server and enable Windows Active Directory Domain Authentication.

 

Go to Authentication -> Remote Auth. Servers -> LDAP -> Edit Remote LDAP Server

 

  • Select check box 'Radio' button.
  • Kerberos realm name: TAC.LOCAL.
  • Domain NetBIOS name: TAC.
  • FortiAuthenticator NetBIOS name: FortiAuthenticar.
  • Administrator username: Administrator.
  • Administrator password: Password.

 

130.png

 

  • To Know Kerberos by CMD in Windows Domain Server type: 'echo %userdnsdomain%' -> and identify: 'USERDNSDOMAIN='

135.png

 

  • To Know NetBIOS by CMD in Windows Domain Server type: 'echo %userdomain%' -> and identify: 'USERDOMAIN='

134.png

 

  • To know more information about Windows Sever type: 'set'

 

133.png

 

  1. Monitoring.

Go to Monitor -> Authentication -> Windows Active Directory Server.

 
108.png

 

  • It is important to check the Connection status and time synchronization between FortiAuthenticator and Windows active directory server.
  • If the status shows: 'Connection: joined domain, connected' -> This is the correct behavior.
  • If it shows: 'Connection: joined domain, not connected'-> Crosscheck the settings again but also the time synchronization on FortiAuthenticator.
  • Incorrect date or time might cause this to fail.
  • Refer to : Troubleshooting Tip: FortiAuthenticator error: Failed to join Windows AD network: Domain Name

 

  1. Logs.
  • Go to FortiAuthenticator -> Logging -> Log Access -> Logs.
  • Log Record Detail.

132.png

 

For further information, refer to these related documents:

FortiAuthenticator Administration Guide

FortiAuthenticator LDAP -> Service

Troubleshooting Tip: FortiAuthenticator error: Failed to join Windows AD network: Domain Name