RUtony
New Contributor

FG101f User cannot be added to User Groups

I have a 101f with 7.2.6. User cannot be added to user groups.

 

Under User and Authentication, User Definition

I select a user that is an LDAP user,

I select the User Group button and the list of available user groups pops up. I select a group from the list and when I save it I get an entry not found error.

If I do the opposite from the groups:

Under User and Authentication, User Groups

I select the same user group I was selecting above and edit. There is no option to add users. If I jump out to the CLI and manually try to add the user I get:

 

entry not found in datasource

value parse error before 'xxxxxx'
Command fail. Return code -3

 

The listed LDAP servers are connected successfully and can authenticate users through the FG interface under User and Authentication, LDAP Servers.

What did I miss?

1 Solution
hbac

@RUtony,

 

Have you tried with different groups? You can create a new group for testing. 

 

Regards, 


8 REPLIES
mle2802
Staff

Hi @RUtony,

In the second scenario, when you click on the group, do you not see the option to add a member, or are the desired users not there? Can you please upload a screenshot of what you are referring to?

Regards,

RUtony
New Contributor

 

2024-02-14 08_19_20-FortiGate - fbh-mdf-fw13.jpg

AEK

In LDAP server configuration (User & Device > LDAP servers), which value did you set as "Common Name Identifier"?

By the way, in that section, click "Test user credentials", then test it with that user's credentials.

AEK
RUtony
New Contributor

Testing creds works as advertised.  Common Name = sAMAccountName

hbac

Hi @RUtony,

 

Does it happen to all users and groups? 

 

Regards, 

RUtony
New Contributor

I only have three users set up and it is the same for all three of them.

hbac

@RUtony,

 

Have you tried with different groups? You can create a new group for testing. 

 

Regards, 

RUtony
New Contributor

OK, here is what I have figured out. It appears that you cannot add users to an LDAP group from the FG GUI. They have to be added in AD, which makes perfect sense, and you cannot see them on this interface. When I created a local group as suggested above, everything worked fine, including the view that had no members earlier. I deleted the local users altogether and LDAP still worked as advertised based on membership in the LDAP server in AD.
