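2) Identify the group membership of the user in the LDAP server; in this example the user is Prueba1. Note that the LDAP entry below binds with the domain Administrator account and shows no `set secure` line, so unless that line was omitted from the listing the bind and user credentials cross the network as unencrypted LDAP; a dedicated read-only bind account and `set secure ldaps` are the safer configuration.
# config user ldap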
edit "LdapServer"
set server "192.168.100.3"
set cnid "cn"
set dn "dc=markoz,dc=com,dc=mx"
set type regular
set username "CN=Administrator, CN=users, DC=markoz,DC=com,DC=mx"
set password ENC ...
next
end
# diagnose test authserver ldap LdapServer Prueba1 Prueba3#
authenticate 'Prueba1' against 'LdapServer' succeeded!
Group membership(s) - CN=Finanzas,CN=Users,DC=markoz,DC=com,DC=mx <----- Finanzas.
CN=Domain Users,CN=Users,DC=markoz,DC=com,DC=mx
4) Create an admin user and associate it with the local group.
# config user group
edit 'LDAP-Authentication'
set member 'LdapServer'
config match
edit 1
set server-name 'LdapServer'
set group-name 'CN=Finanzas,CN=Users,DC=markoz,DC=com,DC=mx'    <----- Finanzas.
next
end
next
end
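5) Authenticate to the FortiGate with the username and password of a member of the LDAP server group. Because the admin entry sets `wildcard enable`, every member of the matched LDAP group (Finanzas here) can log in and receives the `super_admin` profile, as the session list below shows for Prueba1; assign a narrower `accprofile` if the group should not have full administrative rights.
# config system admin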
edit "UserLDAP"
set remote-auth enable
set accprofile "super_admin"
set vdom "root"
set wildcard enable
set remote-group "LDAP-Authentication"
next
end
# get system admin list
username local device vdom profile remote started
admin ssh internal:192.168.1.91:22 root super_admin 192.168.1.111:59804 2016-07-08 16:09:18
Prueba1 https internal:192.168.1.91:9002 root super_admin 192.168.1.111:59827 2016-07-08 16:14:12
Prueba1 ssh internal:192.168.1.91:22 root super_admin 192.168.1.111:59869 2016-07-08 16:15:55