Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
bca
New Contributor

FSSO keeps disconnected

Hi everybody, I'm currently trying to set up single sign-on, and things are more painful than I initially thought. I'm currently running FortiOS version 5.6.3 on a FortiGate 201E appliance. My goal is to retrieve user logons from the LDAP server so that I can use the FSSO feature in my rulebase, allowing users to authenticate in their Windows session and then be authorized through the firewall according to the policy base.

For this I want to use the polling method, avoiding installing additional software on the customer's AD server. So first, I have configured my LDAP server ("User and Device -> LDAP Server -> Create New"), which is OK (the "Test Connectivity" button says "Successful").


Then I try to configure the User and Device -> Single Sign On part, but this is where it fails. I put a name on my SSO configuration, then I reuse the same credentials as those used for the LDAP server (I guess this is what needs to be done), and I enable polling. I can see the users tree appearing, but when I go back to the User and Device -> Single Sign On menu, I see a status of "Disconnected".

If I make a packet capture, I see the firewall establishing a TCP connection with the LDAP server, which succeeds, but then the FortiGate sends an SMB Negotiate Protocol Request that is immediately TCP-reset by the LDAP server. My customer asked me which SMB version the FortiGate uses, but I couldn't find this information. I've been breaking my brain on this for several days, so your help would be highly appreciated :) I'm sorry that I couldn't insert more pictures, but it seems that only one attachment is authorized per post. Thanks in advance, Benjamin
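As an added example (not part of the original post and not FortiGate code), the following Python parser reads the first SMB Negotiate request out of a raw TCP/445 payload, as you would extract it from the capture described above, and lists the dialects the client offers. That dialect list is what answers the "which SMB version" question: an SMB1 Negotiate that includes "SMB 2.002" or "SMB 2.???" announces SMB2 support, and an SMB2 NEGOTIATE carries 16-bit dialect codes. Both sample payloads are constructed inline for the demo; the dialect-code names follow MS-SMB2.

```python
"""Parse an SMB Negotiate request (SMB1 or SMB2) from a raw TCP/445 payload
and report which dialects the client offers.

Added example for reading a FortiGate's SMB Negotiate Protocol Request out of
a packet capture; not FortiGate code. Sample bytes are constructed, not taken
from any real capture.
"""
import struct

NBSS_SESSION_MESSAGE = 0x00
SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB1_COM_NEGOTIATE = 0x72
SMB2_NEGOTIATE = 0x0000

# Dialect codes from MS-SMB2 section 2.2.3.
SMB2_DIALECT_NAMES = {
    0x0202: "SMB 2.0.2",
    0x0210: "SMB 2.1",
    0x0300: "SMB 3.0",
    0x0302: "SMB 3.0.2",
    0x0311: "SMB 3.1.1",
}


def strip_netbios_header(payload: bytes) -> bytes:
    """Remove the 4-byte NetBIOS Session Service header (type + 24-bit big-endian length)."""
    if len(payload) < 4:
        raise ValueError("payload too short for NetBIOS session header")
    msg_type = payload[0]
    length = int.from_bytes(payload[1:4], "big")
    if msg_type != NBSS_SESSION_MESSAGE:
        raise ValueError(f"unexpected NetBIOS message type 0x{msg_type:02x}")
    body = payload[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated NetBIOS session message")
    return body


def parse_smb1_negotiate(smb: bytes) -> list[str]:
    """SMB1: 32-byte header, WordCount, ByteCount, then 0x02-prefixed NUL-terminated dialect strings."""
    if len(smb) < 35:
        raise ValueError("truncated SMB1 header")
    command = smb[4]
    if command != SMB1_COM_NEGOTIATE:
        raise ValueError(f"not an SMB1 Negotiate (command 0x{command:02x})")
    word_count = smb[32]
    bc_offset = 33 + 2 * word_count  # ByteCount follows the Words block (empty for Negotiate)
    (byte_count,) = struct.unpack_from("<H", smb, bc_offset)
    data = smb[bc_offset + 2:bc_offset + 2 + byte_count]
    if len(data) != byte_count:
        raise ValueError("truncated dialect list")
    dialects, pos = [], 0
    while pos < len(data):
        if data[pos] != 0x02:
            raise ValueError("dialect entry missing 0x02 buffer-format byte")
        end = data.index(b"\x00", pos + 1)
        dialects.append(data[pos + 1:end].decode("ascii"))
        pos = end + 1
    return dialects


def parse_smb2_negotiate(smb: bytes) -> list[str]:
    """SMB2: 64-byte header, then a 36-byte NEGOTIATE request followed by 16-bit dialect codes."""
    if len(smb) < 64 + 36:
        raise ValueError("truncated SMB2 NEGOTIATE")
    (command,) = struct.unpack_from("<H", smb, 12)
    if command != SMB2_NEGOTIATE:
        raise ValueError(f"not an SMB2 NEGOTIATE (command 0x{command:04x})")
    structure_size, dialect_count = struct.unpack_from("<HH", smb, 64)
    if structure_size != 36:
        raise ValueError(f"unexpected NEGOTIATE StructureSize {structure_size}")
    codes = struct.unpack_from(f"<{dialect_count}H", smb, 64 + 36)
    return [SMB2_DIALECT_NAMES.get(c, f"unknown 0x{c:04x}") for c in codes]


def negotiate_dialects(tcp_payload: bytes) -> tuple[str, list[str]]:
    """Return ("SMB1" or "SMB2", dialect list) for the first message in a TCP/445 payload."""
    smb = strip_netbios_header(tcp_payload)
    if smb.startswith(SMB1_MAGIC):
        return "SMB1", parse_smb1_negotiate(smb)
    if smb.startswith(SMB2_MAGIC):
        return "SMB2", parse_smb2_negotiate(smb)
    raise ValueError("payload is not SMB")


def build_smb1_negotiate(dialects: list[str]) -> bytes:
    """Construct a minimal SMB1 Negotiate request (demo input only)."""
    data = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    header = SMB1_MAGIC + bytes([SMB1_COM_NEGOTIATE]) + b"\x00" * 27  # 32 bytes
    smb = header + b"\x00" + struct.pack("<H", len(data)) + data  # WordCount=0, ByteCount, dialects
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


def build_smb2_negotiate(codes: list[int]) -> bytes:
    """Construct a minimal SMB2 NEGOTIATE request (demo input only)."""
    header = SMB2_MAGIC + struct.pack("<H", 64) + b"\x00" * 6 + struct.pack("<H", SMB2_NEGOTIATE) + b"\x00" * 50
    body = struct.pack("<HHHHI", 36, len(codes), 1, 0, 0) + b"\x00" * 16 + b"\x00" * 8  # ...ClientGuid, ClientStartTime
    smb = header + body + struct.pack(f"<{len(codes)}H", *codes)
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


# Constructed samples: an SMB1 Negotiate advertising SMB2 capability, and a native SMB2 NEGOTIATE.
SAMPLE_SMB1 = build_smb1_negotiate(["NT LM 0.12", "SMB 2.002", "SMB 2.???"])
SAMPLE_SMB2 = build_smb2_negotiate([0x0202, 0x0210, 0x0300])

if __name__ == "__main__":
    for sample in (SAMPLE_SMB1, SAMPLE_SMB2):
        version, dialects = negotiate_dialects(sample)
        print(version, dialects)
```

To apply it to a real capture, export the TCP payload of the first client-to-DC segment after the handshake (e.g. Wireshark's "Export Packet Bytes" on the SMB layer including the NetBIOS session header) and pass those bytes to `negotiate_dialects`. Whether the dialect list contains only SMB1 strings, or also the "SMB 2.*" markers, tells you what the poller is willing to speak before the DC decides to reset the connection.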

Chris_Colantonio

For giggles, try a domain admin for the user in the SSO Server setup. You can leave your LDAP server user alone. It's not optimal for security reasons or password expiration reasons... but that's how I got it to work. You may need to refresh the SSO server listing screen even after applying. I couldn't find where to apply the right NTFS permissions on the DC to lock it down. 5.6.11


___________________ FCNSA 3.0 2 FG-620b HA 2 FWF-60B FortiAnalyzer 2000a FortiMail 400