Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
xlloyd
New Contributor

Active Directory Bind Account Permission

Hi all,

 

I was looking through the forum and couldn't find any similar discussion. Please let me know if this has been addressed elsewhere.

 

I am working with a customer who is very particular when it comes to Active Directory permissions for service accounts. When using Regular binding for LDAP servers (using FSSO in polling mode), what are the minimum permissions I can assign to the bind account for the solution to function properly?

 

I have tried using regular users before and it didn't work so since then I have always used Domain Admin privileges. Unfortunately this won't fly with these guys.

 

Thanks!

Xavier

1 Solution
5 REPLIES 5
xsilver_FTNT
Staff
Staff

Hi, I would recommend to check KB articles , namely start with this one:

Technical Note: Restricting FSSO service account

http://kb.fortinet.com/kb...amp;externalId=FD36039

 

 

kind regards,Tomas

Tomas Stribrny - NASDAQ:FTNT - Fortinet stuff - TAC Staff Engineer

xlloyd

Thanks so much! I was searching the kb too but apparently I was using the wrong search strings!

xlloyd
New Contributor

[strike]Actually after reading through, I realised that this is with regards to the Collector Agent. I am doing only Polling Mode. Are the restrictions the same with both methods?[/strike]

 

EDIT: Sorry just reread it and it had all necessary info. Thanks again!

 

Gabana
New Contributor

would you please share your info ?

i dont have access to that KB

Admin_FTNT
Labels
Top Kudoed Authors