Fortinet Forum
ManCarreras
New Contributor

Fortiauthenticator and Netscaler

Dear,

 

Recently I've deployed 2FA with Netscaler and Fortiauthenticator + LDAP. I've imported the LDAP users and the authentication with 2FA is working. The problem arises when the user password expires. How can I send the password renewal to the user?

 

My best regards and thank you in advance.

Aashiq_Z
Moderator

Hello @ManCarreras 
 
Welcome to the Fortinet community and thank you for your post. Hopefully, you've been keeping safe and doing well!

You are trying to send password renewal to the user. We will have this looked at and will get back to you as soon as possible.

You should receive an update from one of the team members soon. Thanks for your patience on this.
 
Regards
Aashiq Zainulabdeen
ManCarreras

Dear Aashiq,

 

Thanks for your reply,

 

I've managed to get the password renewal request by enabling LDAPS and MS-CHAPv2 between Netscaler 13 and Fortiauthenticator, but when the user tries to change the password, it returns an "Invalid password" message.

 

Regards

lmarinovic

Hello @ManCarreras 
 
There is an option under Authentication --> User account policies --> General
"Request password reset after token verification"
 
When you disable this option, password change will work, as it will first use the password change and then the token after it.

Probably the token is interrupting the flow of password change in this case.

For example, FortiGate and FortiClient can work with both options, but in this case Citrix Netscaler or any other third-party RADIUS client will have to have this option disabled if it does not support the token in the middle of the flow.
 
Regards
Lazar Marinovic