Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
GiangNH
New Contributor II

Created on ‎09-07-2023 02:43 AM

Error on Forti Authentication

We have many logs on FortiAuthenticator as below:

Still keep remote LDAP user xxx though it has ceased existing remotely

And

Cannot assign an FTM token to…..? Or   Failed to sync remote LDAP user

Please let me know what does this means of these logs

Thanks

Labels:
2077
0 Kudos
1 Solution
dbu
Staff
Staff
In response to GiangNH

Created on ‎09-07-2023 09:48 PM

Are these two alerts coming for same not existing user or happens with every user you are trying to assign token ?
Do you have available tokens to assign ?
Does this user has a defined email on the remote LDAP ?

 

Please provide full logs shown, it must be more explanatory about the issue. 

 Please provide also what @ndumaj  requested, it is wise to check from firmware perspective. 

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.

View solution in original post

2010
9 REPLIES 9
ndumaj
Staff
Staff

Created on ‎09-07-2023 03:15 AM

Hello GiangNH

What is your FAC software version?
Please can you provide us a screenshot or full message log?
Did the issue appeared after any upgrade?
BR

- Happy to help, hit like and accept the solution -
2064
GiangNH
New Contributor II
In response to ndumaj

Created on ‎09-07-2023 08:27 PM

My software version is v6.2.1. We don't upgrade anything

Capture.PNGCapture2.PNG

2006
0 Kudos
dbu
Staff
Staff

Created on ‎09-07-2023 03:31 PM

Hello @GiangNH ,

 

In addition to @ndumaj 


From explanation "Still keep remote LDAP user xxx though it has ceased existing remotely" it looks like this user is not existing anymore on the remote server but still exists in FAC

Looks like related to this option here: 

 

enab.PNG

 

Is this option enabled of disabled? 

 

Regards!

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
2047
GiangNH
New Contributor II
In response to dbu

Created on ‎09-07-2023 08:34 PM

We enable feature Do not delete synced users when they are no longer found on the remote server. So what's aboout alert, Cannot assign an FTM token to…..? Or   Failed to sync remote LDAP user, Do you have any idea

2019
0 Kudos
dbu
Staff
Staff
In response to GiangNH

Created on ‎09-07-2023 09:48 PM

Are these two alerts coming for same not existing user or happens with every user you are trying to assign token ?
Do you have available tokens to assign ?
Does this user has a defined email on the remote LDAP ?

 

Please provide full logs shown, it must be more explanatory about the issue. 

 Please provide also what @ndumaj  requested, it is wise to check from firmware perspective. 

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
2011
GiangNH
New Contributor II
In response to dbu

Created on ‎09-08-2023 12:38 AM

This alert comes from not existing user.

We have available token to assign

My firmware version is v6.2.1

Capture2.PNG

1989
0 Kudos
ndumaj
Staff
Staff
In response to GiangNH

Created on ‎09-08-2023 12:45 AM

Hi,
Does this user exist on your LDAP server?
Do you see this user on FAC Remote users? If yes, Does this user has a defined email address?
Please review the following article:
https://community.fortinet.com/t5/FortiAuthenticator/Troubleshooting-Tip-Remote-User-Sync-rules-on-F...
BR

- Happy to help, hit like and accept the solution -
1981
GiangNH
New Contributor II
In response to dbu

Created on ‎09-08-2023 12:29 AM

Hi,

May I know purpose when this option is enable?

1996
ndumaj
Staff
Staff
In response to GiangNH

Created on ‎09-08-2023 12:34 AM

Hi:
Do not delete synced users when they are no longer found on the remote server -->
Select to ensure that synchronized users are not deleted when they are no longer found on the remote server. This option is only available when Proceed with rule even when response empty is disabled.

Also review the Guide below:
https://docs.fortinet.com/document/fortiauthenticator/6.2.1/administration-guide/215969

- Happy to help, hit like and accept the solution -
1992
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.