Description
This article describes how Active Directory (AD) logon messages are overwritten by the FSSO Collector Agent (CA) when FortiGate authentication with LDAP and AD FSSO are both configured on the Windows AD server.
With FortiGate FSSO, if a user cannot be authenticated by the Windows Active Directory domain but can be authenticated by LDAP, a new logon event is sent to the FSSO Collector Agent (CA).
The CA User Monitor will then show:
- the authenticated LDAP user
- the same user name as the existing FSSO entry
- the IP address of the LDAP server (e.g. 10.5.0.12) instead of the user's workstation IP
Example:
CA logon users list before the LDAP authentication event:
CA logon users list after the LDAP authentication event:
FortiGate User Monitor list after the authentication:
Solution
To prevent the original logon entry in the FSSO CA from being overridden, enable the "Disable RDP Override" option in the FSSO CA.
This stops the CA from capturing the logon event that Windows AD generates on the DC when the user authenticates via LDAP.
Note: If no entry for the AD user exists yet in the FSSO CA, the AD user account is not protected by this setting, and a new entry will be shown: the LDAP user logged on at the AD DC server.
In the FSSO CA: Show Monitored DCs -> Select DC to Monitor and enable "Disable RDP Override".
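The following is an added model (not Fortinet code) of the behaviour the article describes: the CA keeps one logon entry per user, a DC-side logon event generated by LDAP authentication carries the LDAP/DC server IP, and "Disable RDP Override" decides whether that event may replace an existing workstation entry. The event fields, the IP addresses and the `CollectorAgent` class are assumptions constructed for the example; it also adds a check that flags users whose logon IP has become a DC address, which is the symptom shown in the User Monitor screenshots.

```python
"""Model of the FSSO Collector Agent logon list and the "Disable RDP Override"
setting. Added example; the data model, event shape and sample values are
assumptions, not the agent's real implementation."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class LogonEvent:
    user: str          # DOMAIN\user as reported by the DC security log
    ip: str            # workstation IP, or the DC/LDAP server IP for a logon on the DC
    on_dc_itself: bool # True when the logon happened on the monitored DC (LDAP bind, RDP to DC)


@dataclass
class LogonEntry:
    user: str
    ip: str
    source: str        # "workstation" or "dc" (assumed label, for readability only)


class CollectorAgent:
    """One logon entry per user, updated from DC logon events (assumed model)."""

    def __init__(self, disable_rdp_override: bool = False) -> None:
        self.disable_rdp_override = disable_rdp_override
        self.entries: Dict[str, LogonEntry] = {}

    def handle(self, ev: LogonEvent) -> LogonEntry:
        existing = self.entries.get(ev.user)
        if ev.on_dc_itself and self.disable_rdp_override and existing is not None:
            # Option enabled and the user already has a workstation entry:
            # the DC-side logon is ignored and the original entry survives.
            return existing
        # Default behaviour, or no prior entry (the article's note): the new
        # event becomes the user's entry, even if its IP is the DC itself.
        entry = LogonEntry(ev.user, ev.ip, "dc" if ev.on_dc_itself else "workstation")
        self.entries[ev.user] = entry
        return entry


def users_mapped_to_dc(ca: CollectorAgent, dc_ips: List[str]) -> List[str]:
    """Users whose FSSO logon IP is a DC/LDAP server address: FortiGate would
    apply their identity-based policy to the DC's traffic, not the workstation's."""
    return sorted(u for u, e in ca.entries.items() if e.ip in dc_ips)


def scenario(disable_rdp_override: bool) -> Dict[str, str]:
    """Replay the article's sequence (constructed sample events) and return user -> IP."""
    ca = CollectorAgent(disable_rdp_override)
    ca.handle(LogonEvent("LAB\\alice", "10.5.1.20", on_dc_itself=False))  # workstation logon
    ca.handle(LogonEvent("LAB\\alice", "10.5.0.12", on_dc_itself=True))   # LDAP auth on the DC
    ca.handle(LogonEvent("LAB\\bob", "10.5.0.12", on_dc_itself=True))     # no prior entry for bob
    return {u: e.ip for u, e in ca.entries.items()}


if __name__ == "__main__":
    for flag in (False, True):
        ca = CollectorAgent(flag)
        for ev in (LogonEvent("LAB\\alice", "10.5.1.20", False),
                   LogonEvent("LAB\\alice", "10.5.0.12", True),
                   LogonEvent("LAB\\bob", "10.5.0.12", True)):
            ca.handle(ev)
        print(f"Disable RDP Override={flag}: {scenario(flag)} "
              f"mapped to DC: {users_mapped_to_dc(ca, ['10.5.0.12'])}")
```

With the option off, alice's entry is overwritten with the LDAP server IP 10.5.0.12; with it on, her workstation entry 10.5.1.20 is kept. bob, who had no prior entry, ends up mapped to the DC in both cases, which is exactly the situation the article's note describes and why `users_mapped_to_dc` is a useful periodic check on the CA's logon list.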