This article explains the use of different FSSO debug commands for troubleshooting FSSO related issues.
Useful FSSO Commands
# diagnose debug application authd 8256
# diagnose debug enable
# diagnose debug authd fsso filter ?
clear Clear all filters
group Group name.
server FSSO agent name.
source Source IP address.
user User name
# diagnose debug authd fsso ?
clear-logons Clear logon information.
filter Filters used for list or clear logons.
list List current logons.
refresh-groups Refresh group mappings.
refresh-logons Resync logon database.
server-status Show FSSO agent connection status.
summary Summary of current logons.
# diagnose debug authd fsso server-status
Note: If there are more than one FSSO collector agents, the output of this command will print only the connection status of the active/primary FSSO agent.
> Request CA to re-send the active users list to FortiGate:
# diagnose debug authd fsso refresh-logons
> Clear logon info in FortiGate:
# diagnose debug authd fsso clear-logons
* Users must logoff/logon
> Request CA to re-send monitored groups list to FortiGate:
# diagnose debug authd fsso refresh-Groups
> List monitored groups:
# get user adgrp