Maybe someone could advise me on 802.1x implementation with FAC and Microsoft LDAP. All the cookbooks basically show FAC as the only authentication server and demonstrate VLAN attribute assignment per user (which is total nonsense when you have hundreds of users). So, what is the correct workflow here? As per my imagination, the brief steps should be as follows:
1. Microsoft NPS must be configured with policies assigning user groups a Tunnel-Type "VLAN" attribute along with Tunnel-PVT-Group-ID "vlan_number".
2. Remote LDAP user group must be configured on FAC with the added RADIUS attribute Tunnel-Type "VLAN".
3. Remote user sync rule must be configured based on created user group, with users being automatically assigned to it.
4. Add network device as a RADIUS client.
5. Configure network device for authentication using FAC and enabling 802.1x on ports.
Could someone confirm that this is the correct thinking? Thanks in advance!
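The attributes the post's step 1 describes are what the switch actually acts on, so it is worth seeing them on the wire. The following is an added example written for this page, not code from the original post or from Fortinet; it encodes the dynamic-VLAN attribute set that RFC 3580 specifies for 802.1X (Tunnel-Type = VLAN (13), Tunnel-Medium-Type = IEEE-802 (6) and Tunnel-Private-Group-ID = the VLAN number as a string), then parses an Access-Accept's attribute bytes back the way a switch would, grouping the three by RFC 2868 tag and refusing the VLAN when any of the three is missing. Note that the post's step 1 lists only Tunnel-Type and Tunnel-Private-Group-ID; most switches also require Tunnel-Medium-Type, so the example can deliberately omit it to show the resulting failure. The sample attribute bytes are constructed here; no real FAC or NPS exchange is reproduced.

```python
import struct

# RADIUS attribute types and enumerated values (RFC 2868 / RFC 3580).
TUNNEL_TYPE = 64
TUNNEL_MEDIUM_TYPE = 65
TUNNEL_PRIVATE_GROUP_ID = 81
TUNNEL_TYPE_VLAN = 13          # Tunnel-Type "VLAN"
TUNNEL_MEDIUM_IEEE_802 = 6     # Tunnel-Medium-Type "IEEE-802"


def _avp(attr_type: int, value: bytes) -> bytes:
    """One RADIUS attribute: type (1 byte), length incl. header (1 byte), value."""
    if len(value) > 253:
        raise ValueError("attribute value too long for a single AVP")
    return bytes([attr_type, 2 + len(value)]) + value


def encode_vlan_attrs(vlan_id: int, tag: int = 0, include_medium_type: bool = True) -> bytes:
    """Build the Access-Accept attribute triple for dynamic VLAN assignment.

    `tag` is the RFC 2868 tag byte (0 = untagged, 1..31 ties the three together).
    `include_medium_type=False` reproduces a policy that forgot Tunnel-Medium-Type.
    """
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    if not 0 <= tag <= 0x1F:
        raise ValueError("tag must be 0..31")
    tagged_int = lambda v: bytes([tag]) + v.to_bytes(3, "big")   # tag + 3-byte integer
    out = _avp(TUNNEL_TYPE, tagged_int(TUNNEL_TYPE_VLAN))
    if include_medium_type:
        out += _avp(TUNNEL_MEDIUM_TYPE, tagged_int(TUNNEL_MEDIUM_IEEE_802))
    out += _avp(TUNNEL_PRIVATE_GROUP_ID, bytes([tag]) + str(vlan_id).encode("ascii"))
    return out


def parse_avps(data: bytes) -> list:
    """Split a run of RADIUS AVPs into (type, value) pairs, rejecting bad lengths."""
    attrs, i = [], 0
    while i < len(data):
        if len(data) - i < 2:
            raise ValueError("truncated AVP header")
        attr_type, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("AVP length exceeds packet")
        attrs.append((attr_type, data[i + 2:i + length]))
        i += length
    return attrs


def vlan_from_access_accept(data: bytes):
    """Return the VLAN a switch would apply, or None if the triple is incomplete.

    Tunnel attributes are grouped by tag. For the string attribute, a first byte
    above 0x1F is part of the value, not a tag (RFC 2868 section 3.6).
    """
    groups = {}
    for attr_type, value in parse_avps(data):
        if attr_type in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if len(value) != 4:
                raise ValueError("tagged integer attribute must be 4 bytes")
            tag, number = value[0], int.from_bytes(value[1:], "big")
            groups.setdefault(tag, {})[attr_type] = number
        elif attr_type == TUNNEL_PRIVATE_GROUP_ID:
            if value and value[0] <= 0x1F:
                tag, body = value[0], value[1:]
            else:
                tag, body = 0, value
            groups.setdefault(tag, {})[attr_type] = body
    for tag, group in sorted(groups.items()):
        if (group.get(TUNNEL_TYPE) == TUNNEL_TYPE_VLAN
                and group.get(TUNNEL_MEDIUM_TYPE) == TUNNEL_MEDIUM_IEEE_802
                and TUNNEL_PRIVATE_GROUP_ID in group):
            gid = group[TUNNEL_PRIVATE_GROUP_ID].decode("ascii", errors="replace")
            if gid.isdigit() and 1 <= int(gid) <= 4094:
                return int(gid)
    return None


if __name__ == "__main__":
    good = encode_vlan_attrs(120)
    print("complete triple ->", vlan_from_access_accept(good))                        # 120
    print("no medium type  ->", vlan_from_access_accept(encode_vlan_attrs(120, include_medium_type=False)))  # None
```

The tag byte matters in practice: NPS and FAC both emit the three attributes with the same tag, and a switch that groups by tag will ignore a Tunnel-Private-Group-ID whose tag does not match its Tunnel-Type. Capturing the Access-Accept with tcpdump and running its attribute bytes through `vlan_from_access_accept` is a quick way to confirm that the group-based NPS policy really sends all three before blaming the switch port.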