Hi
I have fortigate 80c v5.2.5
I have followed the below link instruction and successfully configured FSSO.
https://www.youtube.com/watch?v=0DUqspQ3pzo
But when testing the policy on users’ computer nothing happen and the users skip this policy although I tried with AD username, group and even with adding the entire OU.
Another thing; when I went to “User & Device” > “Monitor” > “Firewall” > “Show all FSSO Logons” I found nothing!
FortiGate_80C # diag debug fsso-polling detail polling frequency: every 10 second(s) success(0), fail(10) LDAP query: success(0), fail(0) LDAP max group query period(seconds): 0 most recent connection status: err: server can not be accessible
FortiGate_80C # diagnose debug fsso-polling summary global: logon: 0 current vdom: root:(id=0) number of AD servers: 1 number of clients: 1
FortiGate_80C # show user fsso config user fsso edit "Local FSSO Agent" set server "127.0.0.1" set ldap-server "LDAP server" next end
I agree with superindian.
Better look into using the fsso agent on your domain controller.
http://cookbook.fortinet.com/providing-single-sign-using-ldap-fsso-agent-advanced-mode-expert/
Anway, if you want to continue without FSSO Agent on your domain controller:
You are unable to access your domain controller:
[size="1"]polling frequency: every 10 second(s) success(0), [style="background-color: #ffff00;"]fail(10)[/style][/size] LDAP query: success(0), fail(0) LDAP max group query period(seconds): 0 [style="background-color: #ffff00;"]most recent connection status: err: server can not be accessible[/style]
[style="background-color: #ffffff;"][size="1"]My guess is wrong AD-User permissions. The user which you are using to poll your domain controller. This user needs access to the Domain Controller Security Log. [/size][/style]
[style="background-color: #ffffff;"][size="1"][size="3"]Try this debugging command:[/size][/size][/style]
#diag debug application fssod -1
#diag debug enable
[style="background-color: #ffffff;"][size="1"][size="3"]http://docs.fortinet.com/uploaded/files/1844/fortinet-single-sign-on-polling-mode-windows-AD-network...[/size][/size][/style]
I'm able to view OU's, user accounts and groups from FSSO, please have a look to the attached photo.
As for the command Connected FortiGate_80C # diag debug application fssod -1 FortiGate_80C # diag debug enable [size="1"]FortiGate_80C # [fsso_peer.c:peer_rcv:93] Entering ...[/size] [size="1"][fsso_peer.c:peer_rcv:93] Entering ...[/size] [size="1"][fsso_fgt.c:client_pkt_process:764] Received heartbeat[/size] [size="1"][fsso_peer.c:peer_rcv:93] Entering ...[/size] [size="1"][fsso_peer.c:peer_rcv:93] Entering ...[/size] [size="1"][fsso_fgt.c:client_pkt_process:764] Received heartbeat[/size] [size="1"][fsso_peer.c:peer_rcv:93] Entering ...[/size] [size="1"][fsso_peer.c:peer_rcv:93] Entering ...[/size] [size="1"][fsso_fgt.c:client_pkt_process:764] Received heartbeat[/size] [size="1"][fsso_peer.c:peer_rcv:93] Entering ...[/size] [size="1"][fsso_peer.c:peer_rcv:93] Entering ...[/size] [size="1"][fsso_fgt.c:client_pkt_process:764] Received heartbeat[/size] [size="1"][fsso_peer.c:peer_rcv:93] Entering ...[/size] [size="1"][fsso_peer.c:peer_rcv:93] Entering ...[/size] [size="1"][fsso_fgt.c:client_pkt_process:764] Received heartbeat[/size] [size="1"][fsso_peer.c:peer_rcv:93] Entering ...[/size] [size="1"][fsso_peer.c:peer_rcv:93] Entering ...[/size] [size="1"][fsso_fgt.c:client_pkt_process:764] Received heartbeat[/size] [size="1"][fsso_peer.c:peer_rcv:93] Entering ...[/size] [size="1"][fsso_peer.c:peer_rcv:93] Entering ...[/size] [size="1"][fsso_fgt.c:client_pkt_process:764] Received heartbeat[/size] [size="1"][fsso_peer.c:peer_rcv:93] Entering ...[/size] [size="1"][fsso_peer.c:peer_rcv:93] Entering ...[/size] [size="1"][fsso_fgt.c:client_pkt_process:764] Received heartbeat[/size] [size="1"][fsso_peer.c:peer_rcv:93] Entering ...[/size] [size="1"][fsso_peer.c:peer_rcv:93] Entering ...[/size] [size="1"][fsso_fgt.c:client_pkt_process:764] Received heartbeat[/size] [size="1"][fsso_peer.c:peer_rcv:93] Entering ...[/size] [size="1"][fsso_peer.c:peer_rcv:93] Entering ...[/size] [size="1"][fsso_fgt.c:client_pkt_process:764] Received heartbeat[/size] [size="1"][fsso_peer.c:peer_rcv:93] Entering ...[/size] [size="1"][fsso_peer.c:peer_rcv:93] Entering ...[/size] [size="1"][fsso_fgt.c:client_pkt_process:764] Received heartbeat[/size] [size="1"][fsso_peer.c:peer_rcv:93] Entering ...[/size] [size="1"][fsso_peer.c:peer_rcv:93] Entering ...[/size] [size="1"][fsso_fgt.c:client_pkt_process:764] Received heartbeat[/size] [size="1"][fsso_peer.c:peer_rcv:93] Entering ...[/size] [size="1"][fsso_peer.c:peer_rcv:93] Entering ...[/size] [size="1"][fsso_fgt.c:client_pkt_process:764] Received heartbeat[/size]
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.