bartynp
New Contributor II

FortiEMS - ActiveDirectory Home Folders access/mount

There is an environment like below:

 

  1. AD located in the cloud
  2. EMS server located in the cloud
  3. On the edge of the cloud, there is a FG virtual machine
  4. In the branch, there is a FG and Fortiswitch
  5. There is a VPN IPSEC tunnel between the branch and the cloud (from FG located in the branch to FG Virtual Machine, located in the cloud)

Firewall rules contain ZTNA tags in the branch FG and in the cloud FG, checking the traffic which goes to the machines located in the cloud.

 

  1. user connects computer to the fortiswitch in the branch
  2. port in the fortiswitch is in the NAC mode
  3. at the beginning, this computer first goes to the "onboarding" VLAN; two or three minutes later, the computer has access to company sites.

Each user has their own home folder, whose access path is declared in the user's AD account settings. But there is a problem. How to mount the user's home folder if the EMS server needs a few minutes before it authenticates the machine? Is there any solution?

Stephen_G
Moderator

Hello bartynp,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Stephen - Fortinet Community Team
Stephen_G
Moderator

Hello,

 

We are still looking for someone to help you.

We will come back to you ASAP.


Regards,

Stephen - Fortinet Community Team
bartynp
New Contributor II

thx :)

azaria23
New Contributor

If it is anything like the FortiSSO agent, it needs the privileges to run on a server with system context (domain controller probably) and / or just AD User read for AD (e.g. it just needs to talk to AD from a client machine).

bartynp
New Contributor II

It talks, but when there is the "onboarding" process (NAC port in the FortiSwitch, VLAN changing), it takes time; the user logs into the system (using cached credentials) before Windows can talk to the AD or wait until the computer connects to the network. There is no chance to talk to any system before; there is no connection during the "onboarding" process.
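The usual way around a logon that completes on cached credentials before the NAC onboarding VLAN switch has finished is a per-user logon script that does not map anything until the domain is actually reachable, and then reads the home folder from the AD account itself. The script below is an added example written for this thread; it is not code posted by anyone in the thread and not a Fortinet product feature. It assumes (none of this is stated in the thread) that it runs in the user's context from a GPO logon script or an "At log on" scheduled task, that a domain controller answers LDAP on TCP 389 once onboarding is done, and that the home path is published in the user's homeDirectory/homeDrive attributes.

```powershell
# Added example for this thread (not from the original posts, not Fortinet code).
# Waits until the AD domain is reachable (i.e. the NAC onboarding VLAN change is
# finished), then maps the home folder declared on the logged-on user's account.
# Assumed: runs as the user at logon; DC reachable on TCP 389 after onboarding;
# homeDirectory/homeDrive are set on the AD account.

param(
    [int]$TimeoutSeconds = 600,   # give up after 10 minutes of onboarding
    [int]$PollSeconds    = 10
)

$domain = $env:USERDNSDOMAIN
if (-not $domain) { Write-Warning 'Not a domain logon; nothing to map.'; exit 0 }

function Test-DomainReachable {
    # A cached-credential logon sets LOGONSERVER to the local machine, so it
    # cannot be trusted; ask the domain name itself (DNS resolves to the DCs).
    # Port 389 open plus a successful LDAP RootDSE bind means the VLAN change
    # is done and the user can obtain Kerberos tickets on demand.
    param([string]$Domain)
    if (-not (Test-NetConnection -ComputerName $Domain -Port 389 `
              -InformationLevel Quiet -WarningAction SilentlyContinue)) {
        return $false
    }
    try {
        $root = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$Domain/RootDSE")
        $root.RefreshCache()          # throws if the bind fails
        return $true
    } catch {
        return $false
    }
}

function Get-HomeFolder {
    # Reads homeDirectory / homeDrive for the given sAMAccountName via ADSI,
    # using the logged-on user's own credentials.
    param([string]$Domain, [string]$SamAccountName)
    $searcher = [ADSISearcher]"(&(objectCategory=person)(sAMAccountName=$SamAccountName))"
    $searcher.SearchRoot = [ADSI]"LDAP://$Domain"
    $null = $searcher.PropertiesToLoad.AddRange([string[]]('homeDirectory', 'homeDrive'))
    $result = $searcher.FindOne()
    if (-not $result) { return $null }
    [pscustomobject]@{
        Path  = [string]($result.Properties['homedirectory'] | Select-Object -First 1)  # e.g. \\fs01\home\user
        Drive = ([string]($result.Properties['homedrive'] | Select-Object -First 1)).TrimEnd(':')  # e.g. H
    }
}

# Poll until onboarding is finished or the timeout expires.
$deadline = (Get-Date).AddSeconds($TimeoutSeconds)
while (-not (Test-DomainReachable -Domain $domain)) {
    if ((Get-Date) -gt $deadline) {
        Write-Warning "Domain $domain still not reachable after $TimeoutSeconds s; giving up."
        exit 1
    }
    Start-Sleep -Seconds $PollSeconds
}

$folder = Get-HomeFolder -Domain $domain -SamAccountName $env:USERNAME
if (-not $folder -or -not $folder.Path -or -not $folder.Drive) {
    Write-Warning 'homeDirectory/homeDrive are not set on this AD account; nothing to map.'
    exit 1
}

# Replace any stale mapping left from a previous session, then map persistently.
if (Get-PSDrive -Name $folder.Drive -ErrorAction SilentlyContinue) {
    Remove-PSDrive -Name $folder.Drive -Force
}
New-PSDrive -Name $folder.Drive -PSProvider FileSystem -Root $folder.Path -Persist -Scope Global | Out-Null
Write-Output "Mapped $($folder.Drive): -> $($folder.Path)"
```

The point of the script is the ordering: nothing touches the file server until an LDAP bind succeeds, so the cached-credential logon that happens during onboarding no longer matters. Tune `$TimeoutSeconds` to the onboarding time observed in the branch (two or three minutes in the original description) with some margin, and note that the same delay affects anything else that expects the domain at logon (GPO refresh, Kerberos for other shares), so a similar wait is needed wherever that matters.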
