FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
hvardhang
Staff
Staff
Description This article describes the situation where the user is unable to fetch user groups information on Fortinet Single Sign-On Collector Agent Service.
Scope

Fortinet Single Sign-On Collector Agent

Solution

When there is a service account/administrator password getting expired/reset/renewed on the Active directory results in the FSSO collector agent fails in getting group information.

 

The collector agent debugs shows below messages where LDAP bind fails 

 

02/11/2022 11:47:58 [ 5152] ldaplib::ldap_bind_s failed, server:fermion-kvm52.rishi.com error code:0x31.
02/11/2022 11:47:58 [ 5152] ad_user_get_groups_str2_s():<NONE>

 

Validate and correct with proper username, password details on collector agent under 'Set Directory Access Information' --Advanced setting--Correct with username and password details.

 

Note: If the Advanced setting show blank for LDAP configuration, it means Fortinet Single Signon uses Service account credentials.

It can be validated under 'service.msc'  , Open services--Fortinet Single Sign-on Agent service--Properties--Logon, correct with credentials.

Contributors