Fortinet Forum
Syed_Mehmood_Ali
New Contributor III

FSSO 5.2

We are testing the FSSO on terminal using DC agent mode. We configured LDAP successfully on the FortiGate 100D unit. We have installed FSSO v5.0x on the Domain Controller and the TS Agent on the terminal servers, then we made an object for each terminal server with its IP address. After that we made a policy for each terminal server using its IP address as the source address, and in source users we imported through LDAP the users who actually log in on that server. But when we did all of this and tested the internet by logging in with one of the IDs from LDAP on the terminal server, Fortinet Authentication appeared while trying to open any webpage on that server. I don't know what I did wrong; please, someone point me in the right direction on how to resolve my issue. Thanks in advance.
Syed_Mehmood_Ali
New Contributor III

One more thing I want to add is that when I execute the command "diagnose debug authd fsso list" after logging in to the workstation, it says "Total number of logons listed: 0". It means there is some communication issue between the FSSO agent and the firewall.

Dipen
New Contributor III

Hi Syed

What is your exact requirement?

While configuring Internet access policies, what "UserGroups" have you associated with the policy? Have you configured FSSO Groups or LDAP Groups?

From your question it appears you have selected LDAP Groups; in that case, even if you log in to TS Clients with your domain credentials, you will still be prompted for credentials.

For transparent authentication, please use FSSO Groups.

You can track authentication in User Monitor :)

Ahead of the Threat. FCNSA v5 / FCNSP v5

Fortigate 1000C / 1000D / 1500D

Syed_Mehmood_Ali

Dipen, when I use the FSSO group in the policy as a source user, Internet is not working. When I use a remote LDAP user as a source user, it keeps asking for the credentials. This is my problem: none of the options is working for me.

Syed_Mehmood_Ali

I have resolved my issue by correctly setting up the group filter on the FSSO Agent, which was wrongly configured in the past. LDAP configuration is not required when you use FSSO agent-based sign-on.