Good Day
We have been doing some troubleshooting and below are the results
1. We tried the workaround to turn off the Use AD Authentication in the RADIUS Service ... Clients - for a Fortigate Firewall and the authentication works
2. But when we did it for the Forti-Manager or Forti-Analyzer, the authentication failed
3. the user login error in the logs is below -
- Windows AD user authentication(mschap) with FortiToken failed:AD auth error:Reading winbind reply failed! (0xc0000001)
The connection to the AD Server is fine... for the sync rules work and connect every 10 mins
The only place where I see the one AD not connected is in the Monitor... Authentication... Windows AD.
Cheers
Dana Burton
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello Dana,
the AD authentication for FAC will be needed to speak mschap and translate it to your LDAP server. If you don't join the FAC to the domain (inside the LDAP server settings) you will not be able to offer it, but only PAP will work.
According to the monitor you mention, this is missing, or not working due to invalid settings, password etc.
best regards,
Markus
Hi Markus
It is really weird, it was all working, then for some reason the LDAP connection to domain was lost.
But the funny thing is the LDAP sync rules connect to AD/LDAP every 10 mins and are working fine.
LDAP connection setting are working I see the domain structure....
And as I mention I turn off the User Window AD in the client settings and it works for the firewalls but not for the fortimanager, fortianalyzer, or fortiweb... and the error is always the same.
I'm going to upgrade it to 6.3 and then to 6.4 and see if that fixes things
Cheers
Dana Burton
Hi Dana,
I'm just curious if you found a working solution for your issue?
I got a similar case, where the FortiAuthenticator was not able to join the domain after an update.
My solution was to delete the FortiAuthenticator's computer-object in the domain, then reboot and the join worked fine.
Regards
Nils
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1714 | |
1093 | |
752 | |
447 | |
232 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.