This article describes LDAP authentication behavior that may occur after upgrading FortiNAC to 9.2.7 or 9.4.2.
In these versions, both primary and secondary LDAP servers are checked on startup by FortiNAC.
If the connection to the secondary LDAP server fails, this is treated as a total failure, which causes the following:
- Unable to login to admin UI using LDAP credentials post upgrade.
- Users unable to register in FortiNAC using LDAP credentials.
Workaround:
1) Log in to Admin UI using a local account.
2) Navigate to: System > Settings > Authentication > LDAP.
3) Modify LDAP configuration:
- Ensure that secondary IP/FQDN is reachable.
Important: If using SSL or STARTTLS, the secondary server value must be an FQDN for certificate validation.
- If the Secondary server is not reachable, remove the Secondary Server value.
- Verify that FortiNAC is able to validate credentials.
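The checks in step 3 can be scripted before changing the configuration. The following is an added example, not Fortinet code: the function names are hypothetical, the default ports (389, and 636 for SSL) are assumptions, and it tests reachability from the host it runs on, which may differ from what FortiNAC itself can reach. For STARTTLS it checks only the FQDN rule and TCP reachability.

```python
import ipaddress
import socket
import ssl

def is_ip_literal(value):
    """True if the configured server value is an IP address, not a name."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def ldaps_cert_valid(host, port, timeout=3.0):
    """True if a TLS handshake succeeds with chain and hostname verification."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except OSError:  # ssl.SSLError and certificate errors are OSError subclasses
        return False

def preflight(secondary, security="none", port=None, timeout=3.0):
    """Return findings for the Secondary Server value; an empty list means OK."""
    if not secondary:
        return []  # no secondary configured, so nothing can fail at startup
    findings = []
    if security in ("ssl", "starttls") and is_ip_literal(secondary):
        findings.append("secondary is an IP address; SSL/STARTTLS needs an FQDN")
    # Assumed default ports: 636 for LDAP over SSL, 389 otherwise.
    port = port or (636 if security == "ssl" else 389)
    if not tcp_reachable(secondary, port, timeout):
        findings.append(f"{secondary}:{port} unreachable; fix it or remove the value")
    elif security == "ssl" and not ldaps_cert_valid(secondary, port, timeout):
        findings.append(f"{secondary}:{port} failed TLS certificate validation")
    return findings

if __name__ == "__main__":
    # Constructed sample value; replace with the configured Secondary Server.
    for finding in preflight("ldap2.example.com", security="ssl"):
        print("FINDING:", finding)
```

An empty result means the secondary value passed these checks; any finding corresponds to one of the corrective actions in step 3.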
Solution: To be addressed in a future release.
Copyright 2023 Fortinet, Inc. All Rights Reserved.