GiangNH
New Contributor II

Error on Forti Authentication

We have many logs on FortiAuthenticator as below:

Still keep remote LDAP user xxx though it has ceased existing remotely

And

Cannot assign an FTM token to…..? Or   Failed to sync remote LDAP user

Please let me know what these logs mean.

Thanks

ndumaj
Staff

Hello GiangNH

What is your FAC software version?
Please can you provide us a screenshot or full message log?
Did the issue appear after any upgrade?
BR

- Happy to help, hit like and accept the solution -
GiangNH
New Contributor II

My software version is v6.2.1. We don't upgrade anything

[Attached screenshots: Capture.PNG, Capture2.PNG]

dbu
Staff

Hello @GiangNH ,

 

In addition to @ndumaj 


From the explanation "Still keep remote LDAP user xxx though it has ceased existing remotely", it looks like this user no longer exists on the remote server but still exists in FAC.

It looks like it is related to this option here:

 

enab.PNG

 

Is this option enabled or disabled?

 

Regards!

If you have found a solution, please like and accept it to make it easily accessible for others.
GiangNH
New Contributor II

We enabled the feature "Do not delete synced users when they are no longer found on the remote server". So what about the alerts "Cannot assign an FTM token to…..?" or "Failed to sync remote LDAP user"? Do you have any idea?

dbu

Are these two alerts coming for the same non-existent user, or does it happen with every user you are trying to assign a token to?
Do you have available tokens to assign?
Does this user have a defined email on the remote LDAP?

Please provide the full logs shown; they must be more explanatory about the issue.

Please also provide what @ndumaj requested; it is wise to check from the firmware perspective.

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
GiangNH
New Contributor II

This alert comes from a non-existent user.

We have available token to assign

My firmware version is v6.2.1

Capture2.PNG

ndumaj

Hi,
Does this user exist on your LDAP server?
Do you see this user on FAC Remote users? If yes, does this user have a defined email address?
Please review the following article:
https://community.fortinet.com/t5/FortiAuthenticator/Troubleshooting-Tip-Remote-User-Sync-rules-on-F...
BR

- Happy to help, hit like and accept the solution -
GiangNH
New Contributor II

Hi,

May I know the purpose of this option when it is enabled?

ndumaj

Hi:
Do not delete synced users when they are no longer found on the remote server -->
Select to ensure that synchronized users are not deleted when they are no longer found on the remote server. This option is only available when Proceed with rule even when response empty is disabled.

Also review the Guide below:
https://docs.fortinet.com/document/fortiauthenticator/6.2.1/administration-guide/215969

- Happy to help, hit like and accept the solution -