Description
This article describes the behavior of FortiNAC when a user account is disabled in Active Directory.
Scope
FortiNAC.
Solution
If the LDAP entry is configured with the default values, when a user account is disabled in Active Directory, FortiNAC will:
Note: The changes are applied after the next scheduled or manual Directory synchronization.
These actions are also recorded in the Events log:
The status of the User, Host, and Adapters appears as shown below:
There are specific cases when disabling the host is not required or may cause access disruption for existing hosts. In these cases, the LDAP configuration can be changed by removing the Disabled Attribute [userAccountControl] completely or only the Disabled Value [0x02] as shown below:
Helpful debugs:
diag debug plugin enable DirectoryManager
diag debug plugin enable DirectoryAuthentication
diag tail -f output.master
yams INFO :: 2024-11-05 10:37:05:148 :: #388 :: Requested Attributes = [distinguishedName, msDS-PrincipalName, givenName, sn, sAMAccountName, streetAddress, l, st, postalCode, homePhone, mobile, mobileProvider, mail, title, userAccountControl]
yams INFO :: 2024-11-05 10:37:05:151 :: #388 :: PRINTING ATTRIBUTES FOR CN=gimi,OU=Usr,DC=eb,DC=eu
yams INFO :: 2024-11-05 10:37:05:152 :: #388 :: =>mobile: +123 11111
yams INFO :: 2024-11-05 10:37:05:152 :: #388 :: =>givenName: gimi
yams INFO :: 2024-11-05 10:37:05:152 :: #388 :: =>msDS-PrincipalName: EB\gimi
yams INFO :: 2024-11-05 10:37:05:152 :: #388 :: =>mail: gimi@eb.eu
yams INFO :: 2024-11-05 10:37:05:152 :: #388 :: =>distinguishedName: CN=gimi,OU=Usr,DC=eb,DC=eu
yams INFO :: 2024-11-05 10:37:05:152 :: #388 :: =>homePhone: 70001
yams INFO :: 2024-11-05 10:37:05:152 :: #388 :: =>sAMAccountName: gimi
yams INFO :: 2024-11-05 10:37:05:152 :: #388 :: =>title: Shef IT
yams INFO :: 2024-11-05 10:37:05:152 :: #388 :: =>userAccountControl: 514
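Added example (not Fortinet code): a small parser for the DirectoryManager debug lines above that decodes userAccountControl with Microsoft's documented flag values and lists the accounts carrying the 0x02 disabled bit, which is why 514 (0x202) reads as a disabled normal account. It assumes the line layout shown in the capture; the second user in the sample is constructed.

```python
import re

# Microsoft-documented userAccountControl bit flags (subset).
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
}
DISABLED_VALUE = 0x02  # the "Disabled Value" from the LDAP configuration above

HEADER = re.compile(r"PRINTING ATTRIBUTES FOR (?P<dn>.+)$")
ATTR = re.compile(r"=>(?P<name>[^:]+): (?P<value>.*)$")

def parse_debug(lines):
    """Return {distinguishedName: {attribute: value}} from output.master lines."""
    users, current = {}, None
    for line in lines:
        line = line.rstrip()
        if m := HEADER.search(line):
            current = users.setdefault(m["dn"], {})
        elif (m := ATTR.search(line)) and current is not None:
            current[m["name"]] = m["value"]
    return users

def decode_uac(value):
    """Split a decimal userAccountControl value into named flags."""
    value = int(value)
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]

def disabled_users(lines):
    """DNs whose userAccountControl has the disabled bit set."""
    return [dn for dn, attrs in parse_debug(lines).items()
            if "userAccountControl" in attrs
            and int(attrs["userAccountControl"]) & DISABLED_VALUE]

# Constructed sample: two lines from the capture above plus one invented enabled user.
SAMPLE = """\
yams INFO :: 2024-11-05 10:37:05:151 :: #388 :: PRINTING ATTRIBUTES FOR CN=gimi,OU=Usr,DC=eb,DC=eu
yams INFO :: 2024-11-05 10:37:05:152 :: #388 :: =>userAccountControl: 514
yams INFO :: 2024-11-05 10:37:05:160 :: #388 :: PRINTING ATTRIBUTES FOR CN=example,OU=Usr,DC=eb,DC=eu
yams INFO :: 2024-11-05 10:37:05:161 :: #388 :: =>userAccountControl: 512
""".splitlines()

if __name__ == "__main__":
    for dn in disabled_users(SAMPLE):
        print("disabled in AD:", dn)
```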
Copyright 2024 Fortinet, Inc. All Rights Reserved.