Description | This article describes how to limit the number of devices from which a wireless user can be authenticated simultaneously, using LDAP authentication and FortiAP. |
Scope | FortiGate, FortiAP. In this example, FortiOS 7.4.3 and FortiAP 7.4.3 were used. |
Solution |
In this article, authentication is performed by LDAP. See: How to configure FortiGate to use an LDAP server
Create a user group and enable auth-concurrent-override to control how many times the same user account can be authenticated at the same time.
config user group
    edit "LDAP-group"
        set group-type firewall
        set authtimeout 0
        set auth-concurrent-override enable
        set auth-concurrent-value 2    <- The same user can be authenticated from 2 sources at the same time. The third device should fail the authentication.
        set http-digest-realm ''
        set member "ldap"
    next
end
Reference the User Group in the SSID profile.
Then try to authenticate from multiple devices using the same account. These simultaneous users can be seen in firewall users.
The following command displays the users in the CLI:
diagnose firewall auth list
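To check the limit from saved output of the command above, the following added example (not Fortinet code) counts authenticated sources per user in a group and compares the count with auth-concurrent-value. The sample output is constructed, its "IP, user" header and indented group_name layout is an assumption that may differ between FortiOS builds, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of `diagnose firewall auth list` output, not captured from a
# device. Assumed layout: an "<ip>, <user>" header, then indented attributes.
SAMPLE = """\
10.10.20.11, jdoe
        type: fw, id: 0, duration: 95, idled: 3
        group_name: LDAP-group

10.10.20.12, jdoe
        type: fw, id: 0, duration: 40, idled: 1
        group_name: LDAP-group

10.10.20.30, asmith
        type: fw, id: 0, duration: 12, idled: 12
        group_name: LDAP-group

----- 3 listed, 0 filtered ------
"""

ENTRY = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}),\s*(.+?)\s*$")
GROUP = re.compile(r"^\s+group_name:\s*(\S+)")

def sessions_by_user(text, group):
    """Map each user authenticated through `group` to their source IPs."""
    result, current = defaultdict(list), None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            current = m.groups()          # (ip, user) of the entry being read
            continue
        g = GROUP.match(line)
        if g and current and g.group(1) == group:
            result[current[1]].append(current[0])
            current = None                # count each entry once
    return dict(result)

def audit(text, group, limit):
    """Classify users against auth-concurrent-value (`limit`)."""
    report = {}
    for user, ips in sessions_by_user(text, group).items():
        n = len(ips)
        # over-limit means the group limit is not being enforced for this user
        state = "over-limit" if n > limit else "at-limit" if n == limit else "ok"
        report[user] = (state, ips)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE, "LDAP-group", 2))
```

A user reported as at-limit should be refused on the next device, and an over-limit result suggests the group carrying the override is not the one applied to the SSID.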
When a third device tries to authenticate, the following message will be shown:
Related articles:
Technical Tip: Limiting concurrent user authentication
Technical Tip: 'policy-auth-concurrent' system global command clarified |