Created on 01-04-2018 04:54 PM
Edited on 10-30-2023 12:07 AM
By Anthony_E
Description
This article describes how to enable Windows Active Directory domain authentication on FortiAuthenticator and how to monitor it.
Solution
- Settings.
After creating a new LDAP remote server on FortiAuthenticator, edit the LDAP server and enable Windows Active Directory Domain Authentication.
Go to Authentication -> Remote Auth. Servers -> LDAP -> Edit Remote LDAP Server
- Select check box 'Radio' button.
- Kerberos realm name: TAC.LOCAL.
- Domain NetBIOS name: TAC.
- FortiAuthenticator NetBIOS name: FortiAuthenticar.
- Administrator username: Administrator.
- Administrator password: Password.
- To find the Kerberos realm name, open CMD on the Windows domain server and type: 'echo %userdnsdomain%' -> and identify: 'USERDNSDOMAIN='
- To find the domain NetBIOS name, open CMD on the Windows domain server and type: 'echo %userdomain%' -> and identify: 'USERDOMAIN='
- For more information about the Windows Server, type: 'set'
- Monitoring.
Go to Monitor -> Authentication -> Windows Active Directory Server.
- It is important to check the connection status and the time synchronization between FortiAuthenticator and the Windows Active Directory server.
- If the status shows: 'Connection: joined domain, connected' -> This is the correct behavior.
- If it shows: 'Connection: joined domain, not connected' -> Cross-check the settings again, and also the time synchronization on FortiAuthenticator.
- An incorrect date or time might cause this to fail.
- Refer to: Troubleshooting Tip: FortiAuthenticator error: Failed to join Windows AD network: Domain Name
- Logs.
- Go to FortiAuthenticator -> Logging -> Log Access -> Logs.
- Log Record Detail.
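The lookup of the realm and NetBIOS names and the time-synchronization check described above can be combined into one script run on the Windows domain server. This is an added example, not part of the original article or Fortinet tooling. Assumptions: `$NtpSource` is a placeholder for the NTP server that FortiAuthenticator synchronizes with, and the 300-second threshold is the Windows Kerberos default clock-skew tolerance.

```powershell
# Added example: run in PowerShell on the Windows domain server.
# Assumption: replace the placeholder with the NTP server FortiAuthenticator uses.
$NtpSource      = 'ntp.example.com'
# Assumption: Windows Kerberos default tolerance for clock skew (5 minutes).
$MaxSkewSeconds = 300

# Same values that 'echo %userdnsdomain%' and 'echo %userdomain%' return in CMD.
$realm   = $env:USERDNSDOMAIN   # -> "Kerberos realm name" field
$netbios = $env:USERDOMAIN      # -> "Domain NetBIOS name" field
if (-not $realm) {
    throw 'USERDNSDOMAIN is empty: log on with a domain account and retry.'
}
"Kerberos realm name : $($realm.ToUpper())"
"Domain NetBIOS name : $netbios"

# Measure this server's clock offset against the shared NTP source.
# With /dataonly each sample line looks like: "10:15:02, +00.0123456s".
$out = w32tm /stripchart /computer:$NtpSource /samples:3 /dataonly 2>&1
$offsets = foreach ($line in $out) {
    if ("$line" -match ',\s*([+-]\d+\.\d+)s\s*$') { [double]$Matches[1] }
}
if (-not $offsets) {
    # Failed samples are reported as "error: 0x..." and carry no offset.
    throw "No time samples received from ${NtpSource}:`n$($out -join "`n")"
}

# Use the worst sample so a single outlier is not hidden by averaging.
$worst = ($offsets | ForEach-Object { [math]::Abs($_) } |
          Measure-Object -Maximum).Maximum
"Largest offset from $NtpSource : {0:N3} s" -f $worst

if ($worst -ge $MaxSkewSeconds) {
    Write-Warning ("Clock offset exceeds {0} s: fix time synchronization " +
                   "before rechecking the connection status.") -f $MaxSkewSeconds
} else {
    'Clock offset is within the Kerberos tolerance.'
}
```

The script only measures the Windows side; the FortiAuthenticator clock still has to be checked against the same NTP source in its own system time settings.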
FortiAuthenticator Administration Guide
FortiAuthenticator LDAP -> Service
Troubleshooting Tip: FortiAuthenticator error: Failed to join Windows AD network: Domain Name