matanaskovic
Staff
Staff
Description

This article explains how to fix the FortiAuthenticator error: Cannot add user from LDAP server DC-boss because of this error: Failed to import user 'administrator' (rule: TAC-RULE), Mobile number is required if TFA method is SMS.

 

matanaskovic_0-1651004916754.png
Scope  
Solution

In the Remote User Sync Rules, 'SMS' as OTP method has been selected.

For using SMS token code, user’s mobile number attribute must be specified.

If mobile number is in wrong format or is missing, then users will not be imported from LDAP server into FortiAuthenticator.

 

matanaskovic_1-1651004948910.png

 

Also, under the Remote User Sync Rules settings, mobile number attribute must be defined.

 

Mobile number: mobile

 

matanaskovic_2-1651004991277.png

 

In Active Directory, user mobile number attribute must be in this format '+ [international number] [mobile number]'. 

 

matanaskovic_3-1651005023053.png

 

Then it is necessary to run manually Remote User Sync Rule and this time, it is necessary to see that username 'administrator' has been imported from LDAP server with mobile number for delivering token code.

 

matanaskovic_4-1651005063004.png

 

Also, it is possible to verify that in the logs.

 

matanaskovic_5-1651005105027.png

 

Related Article:
https://docs.fortinet.com/document/fortiauthenticator/6.4.3/administration-guide/215969/remote-user-...

Contributors