NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
Article Id 244105



This article describes the possible behavior with LDAP authentication after upgrading to 9.2.7 or 9.4.2.


In these versions, both primary and secondary LDAP servers are checked on startup by FortiNAC. 

If the connection to the secondary LDAP server fails, this is treated as a total failure.



- Unable to log in to the Admin UI using LDAP credentials post upgrade.

- Users unable to register in FortiNAC using LDAP credentials.

Scope: FortiNAC version 9.2.7 GA and 9.4.2.

1) Log in to Admin UI using a local account.
2) Navigate to: System > Settings > Authentication > LDAP.
3) Modify LDAP configuration:

- Ensure that secondary IP/FQDN is reachable.

Important: If using SSL or STARTTLS, the secondary server value must be an FQDN for certificate validation.

- If the Secondary server is not reachable, remove the Secondary Server value.

- Verify that FortiNAC is able to validate credentials.
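
A pre-check for the values entered in step 3, as an added example (not Fortinet code): it flags a secondary server given as an IP address when SSL or STARTTLS is in use and tests TCP reachability of both servers. The function names, the sample hostnames and the standard LDAP ports 389/636 are assumptions, and a connect test from another host only approximates what FortiNAC itself can reach.

```python
import ipaddress
import socket

# Standard LDAP ports; assumed here, the article does not state which ports are in use.
DEFAULT_PORTS = {"none": 389, "starttls": 389, "ssl": 636}

def is_ip_literal(value):
    """True if the configured server value is an IP address rather than a name."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def tcp_reachable(host, port, timeout=3.0):
    """Plain TCP connect test; run it from a host with the same network path as FortiNAC."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def precheck(primary, secondary, security="none", probe=tcp_reachable):
    """Return a list of findings for the LDAP server values; empty means no issue found."""
    findings = []
    port = DEFAULT_PORTS[security]
    if not probe(primary, port):
        findings.append(f"primary {primary}:{port} unreachable")
    if not secondary:
        return findings  # no secondary configured: nothing more to check
    if security in ("ssl", "starttls") and is_ip_literal(secondary):
        findings.append(f"secondary {secondary} is an IP; use the FQDN so the certificate can be validated")
    if not probe(secondary, port):
        findings.append(f"secondary {secondary}:{port} unreachable; fix it or remove the Secondary Server value")
    return findings

if __name__ == "__main__":
    # Constructed sample values (documentation address range and example domain).
    for finding in precheck("ldap1.example.com", "192.0.2.20", "ssl"):
        print(finding)
```
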


Solution: Addressed in FortiNAC version 9.2.8, 9.4.3 and later.