Hi all,
I'm trying to configure FSSO directly to Windows AD, without an agent. Version 5.0.4.
The read of the groups by LDAP is OK and the status of the Single Sign-On is OK too.
The issue is that the FortiGate unit does not get logon information about the users. I checked and the user is in the correct group, and after logon to the domain the log does not show on the FortiGate.
I have attached the configs.
FG# diagnose debug fsso-polling detail
AD Server Status:
ID=1, name(180.0.1.25),ip=180.0.1.25,source(security),users(0)
port=auto username=fortinet
read log offset=119910276, latest logon timestamp: Wed Oct 23 10:17:55 2013
polling frequency: every 10 second(s) success(6553), fail(0)
LDAP query: success(0), fail(2339)
LDAP max group query period(seconds): 0
Total max polling period(seconds): 4
most recent connection status: connected
Group Filter:
CN=GRP-WEB-BLOQ,OU=Grupos Acesso Web,OU=Grupos,OU=Corporativo,OU=PROFARMA,DC=profarma,DC=local+CN=GRP-WEB-LIB,OU=Grupos Acesso Web,OU=Grupos,OU=Corporativo,OU=PROFARMA,DC=profarma,DC=local+CN=GRP-WEB-PRIVILEGIADOS,OU=Grupos Acesso Web,OU=Grupos,OU=Corporativo,OU=PROFARMA,DC=profarma,DC=local
Help...
Claudio
Claudio Rezende