Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ecalderon
New Contributor

FSSO Polling Not Working

Hello, 

I'm configuring a FGT with FSSO in polling mode without agent for a small network.  I'm having some issues. I don't see any FSSO users but the Active Directory connector is up.

And see the following output from the comand "diag debug application fsso 255" 

[fsso_ldap_session_state:73] ldap session state transit from init->user for user karina. [fsso_ldap_session_state:73] ldap session state transit from user->done for user karina. [event_add_logon_info:352] eid=4776, logon=[Administrador], ipaddr=[], station=[name], domain=[], clt_workstation=, port=0, tm=1545257899 [event_add_logon_info:352] eid=4776, logon=[katherine], ipaddr=[], station=[\\IBR], domain=[], clt_workstation=, port=0, tm=1545257918 [event_add_logon_info:374] no domain from 192.168.2.215 [event_add_logon_info:352] eid=4776, logon=[importaciones], ipaddr=[], station=[ECS], domain=[], clt_workstation=, port=0, tm=1545257912 [event_add_logon_info:374] no domain from 192.168.2.215

 

Any ideas of what might be the problem? 

 

 

4 REPLIES 4
xsilver_FTNT
Staff
Staff

Is the workstation logged into the domain ?

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

ecalderon

Hello Tomas,

Yes, the workstation is logged into the domain. I see the same message for every logon event in the network.  The Domain Controller is IP address .215. I guess for some reason I'm not getting the Domain from the Controller so FGT cannot solve de Computers name to an IP Address and I don't see any logon as a result:

# diag debug auth fsso list ----FSSO logons---- Total number of logons listed: 0, filtered: 0 ----end of FSSO logons----

 

# diag debug authd fsso server-status # Server Name                          Connection Status     Version               Address -----------                          -----------------     -------               ------- Local FSSO Agent                     connected             FSAE server 1.1       127.0.0.1 Server Name                          Connection Status     Version               Address

 

 

ecalderon
New Contributor

** Update

Checking on the   fsso-polling detail I see the messge LDAP query fail 

 

 

diag debug fsso-polling detail

AD Server Status(connected): ID=1, name(192.168.1.215),ip=192.168.1.215,source(security),users(0) port=auto username=Administrador read log eof=1, latest logon timestamp: Thu Dec 20 16:20:57 2018

polling frequency: every 10 second(s) success(17456), fail(0) LDAP query: success(0), fail(1821) LDAP max group query period(seconds): 1 LDAP status: connected

JuniorP93

Bonjour tout le monde j'ai un fgt 501E j'ai configuré le fsso, le LDAP fonctionne correctement , FSSO reconnait les utilisateurs, leurs groupes ainsi, que le domaine au quel ils appartiennent. Seulement lorsque j'active une politique d'authentification , les différents users créés n'arrivent plus à communiquer ni avec le fgt ni avec les autres utilisateurs
Labels
Top Kudoed Authors