Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Syed_Mehmood_Ali
New Contributor III

Created on ‎10-07-2015 02:20 PM

FSSO 5.2

We are testing the FSSO on terminal using DC agent mode. We configured LDAP successfully on the fortigate 100D unit. We have installed FSSO v5.0x on the Domain Controller and TS Agent on the terminal servers, then we made a object for each terminal servers with its ip addresses. After that we made a policy for each terminal server using its IP address as a source address and in source users we import the users through LDAP who are actually login on that server. But when we did all of this and test the internet by login one of the id from LDAP on the terminal server Fortinet Authentication appeared while trying to open any webpage on that server. I dont know what I did wrong please someone point me to the right direction how I resolved my issue. Thanks in advance
5592
0 Kudos
4 REPLIES 4
Syed_Mehmood_Ali
New Contributor III

Created on ‎10-07-2015 10:42 PM

One thing I want to add more is that, when I execute a command "diagnose debug authd fsso list" after login the workstation it is saying that "Total number of logons listed: 0". It means there is some communication issue between FSSO agent and firewall.

2476
0 Kudos
Dipen
New Contributor III

Created on ‎10-08-2015 03:56 AM

Hi Syed

What is your exact requirement ?

While configuring Internet access policies what "UserGroups" have you associated with Policy. have you configured FSSO Groups or LDAP Groups.

From your question it appears you have selected LDAP Groups; In that case even if you login to TS Clients with your domain credentials you will still be prompted for credentials.

For transparent authentication please use FSSO Groups.

 

You can track authentication in User Monitor :)

Ahead of the Threat. FCNSA v5 / FCNSP v5

Fortigate 1000C / 1000D / 1500D

 

Ahead of the Threat. FCNSA v5 / FCNSP v5 Fortigate 1000C / 1000D / 1500D
2475
0 Kudos
Syed_Mehmood_Ali
New Contributor III
In response to Dipen

Created on ‎10-08-2015 04:46 AM

Dipen, when I use FSSO group in the policy as a source user, Internet is not working. When I use remote LDAP user as a source user its keep asking the credentials, this is my problem none of the option working for me. 

2475
0 Kudos
Syed_Mehmood_Ali
New Contributor III
In response to Syed_Mehmood_Ali

Created on ‎10-11-2015 11:18 PM

I have resolved my issue by setting up group filter correctly on FSSO Agent which was wrongly configured in the past. LDAP configuration is not required when you used FSSO agent based Sign-on.

2475
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.