FortiNAC- Role Assignment Issue with Active Directory Integration
I deployed a FortiNAC VM and configured policies to assign users to VLANs based on their department. To achieve this, I used an Active Directory attribute to assign a role to each user, which FortiNAC then parses via AD synchronization.
In the User Accounts page (first image), I can see that the correct role "112" has been assigned to the user. However, in the Hosts section (second image), the user’s laptop—where the same user is logged in—does not have the expected user role assigned (it should be 112 but is missing).
This discrepancy prevents proper VLAN assignment. How can I troubleshoot and ensure that the role is correctly applied to the host?
When the host is registered to the same user, the role should be inherited. Based on the second screenshot, which is a bit blurry, it appears that the host is not registered to this user; that's why it doesn't have the role.
You can also check this article and the troubleshooting tips.
If you have found a solution, please like and accept it to make it easily accessible for others.
Created on 03-27-2025 05:47 AM Edited on 03-27-2025 05:55 AM
Sorry for the blurry image. The logged-on user is the one that appears to have attribute 112 in the User Role (first image).
Thank you for the article, but I have already seen it, and this is the exact process I followed.
What do you mean by registered? The user logged on to the device with that hostname; shouldn't this mean that the user will inherit the attribute?
As you can see, the host is missing the 'Registered To' information, which means that this host is registered as a device and not tied to a user.
If dot1x is used in this case, you can use the dot1x auto-registration feature; it will register the host directly to the user during the initial authentication.
In case you want to apply the policy based on the 'Logged On User' information, you can use a UHP that checks the role of the user as shown below:
If you have found a solution, please like and accept it to make it easily accessible for others.
Thank you for your prompt response. I want to apply the policy based on the below configured UHP:
Auto-registration is off. Do you suggest enabling it, and will this be the solution? I can't remember the reason I disabled it in the first place, since this is something I tried before.
The only limitation is that the "Registered To" field is populated only during host registration and is not updated later on if the user changes. So in cases where the same host is used by different users that require different policies, this may be a limitation.
The rule above should match. To get a better overview of the matching conditions evaluated by FNAC, you can go to the host, right-click, choose 'Policy Details' and then Debug Log.
If you have found a solution, please like and accept it to make it easily accessible for others.
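A constructed Python model of the distinction drawn in this thread (a host inherits its role from 'Registered To', 'Logged On User' changes on every logon, dot1x auto-registration fills 'Registered To' at first authentication, and a UHP can instead check the logged-on user's role). This is an added illustration, not FortiNAC code or its API; the User, Host, logon and uhp_* names are assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class User:
    name: str
    role: str  # role parsed from the AD attribute, e.g. "112"


@dataclass
class Host:
    hostname: str
    registered_to: Optional[User] = None   # set only at registration time
    logged_on_user: Optional[User] = None  # updated on every logon

    @property
    def role(self) -> Optional[str]:
        # The host role is inherited from the registered user, not from
        # whoever is currently logged on (the discrepancy in the question).
        return self.registered_to.role if self.registered_to else None


def register_host(host: Host, user: Optional[User]) -> None:
    """Registration populates 'Registered To'; None means registered as a device."""
    host.registered_to = user


def logon(host: Host, user: User, auto_register: bool = False) -> None:
    """A logon updates 'Logged On User'. With dot1x auto-registration enabled,
    the first logon also registers the host to that user; later logons do not
    overwrite 'Registered To' (the limitation noted in the last reply)."""
    host.logged_on_user = user
    if auto_register and host.registered_to is None:
        register_host(host, user)


def uhp_matches_host_role(host: Host, required_role: str) -> bool:
    """UHP condition on the host's inherited role."""
    return host.role == required_role


def uhp_matches_logged_on_user_role(host: Host, required_role: str) -> bool:
    """UHP condition on the role of the currently logged-on user."""
    user = host.logged_on_user
    return user is not None and user.role == required_role
```

Walk the three situations from the thread: a host registered as a device with user 112 logged on matches only the logged-on-user condition; enabling auto-registration makes the host-role condition match; after a different user logs on to that host, 'Registered To' still points at the first user.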
