We are having an issue with the FortiToken sent by email. For example, we have the user Jhon, who is a user from the LDAP server; he has permissions based on groups from the LDAP, and those groups are linked to the User Group which is in the firewall policy.
Okay, so when the user doesn't have any group in the field "User Group" the FortiToken doesn't work. If I add any group it does. How can I fix this?
Our idea is that we don't use the groups from the FortiGate for the permissions, just add them in the LDAP user.
More context from CLI
You've most likely run into the good old LDAP vs tokens issue and the many ways in which this can be misconfigured.
If the LDAP-user isn't mentioned in any relevant groups, its definition (and thus the token assignment) will not be considered during authentication, and the authentication will pass by virtue of simply being a member of a relevant LDAP group.
The user must be added to relevant groups for the token assignment to be considered and enforced.
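One way to audit a configuration backup for the condition described in the reply above, as an added example that is not part of the original thread: it lists local users that have `two-factor` set but are not a member of any user group. The sample config is constructed, the server, user and group names are placeholders, and the function names are hypothetical; the check does not verify that the group is the one referenced by the firewall policy.

```python
import re

# Constructed sample of a FortiGate config backup; every name is a placeholder.
SAMPLE = """
config user local
    edit "jhon"
        set type ldap
        set two-factor email
        set email-to "jhon@example.com"
        set ldap-server "LDAP-SRV"
    next
    edit "maria"
        set type ldap
        set two-factor email
        set ldap-server "LDAP-SRV"
    next
end
config user group
    edit "VPN-Users"
        set member "LDAP-SRV" "maria"
    next
end
"""

def parse_section(config, header):
    """Return {entry: {setting: [values]}} for one top-level config section."""
    entries, current, depth = {}, None, 0
    for raw in config.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', raw)] or [""]
        if tok[0] == "config":
            if depth or " ".join(tok[1:]) == header:
                depth += 1  # nested blocks (e.g. "config match") only add depth
        elif depth and tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            current = entries.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and current is not None:
            current[tok[1]] = tok[2:]
    return entries

def unenforced_token_users(config):
    """Local users with two-factor set that no user group lists as a member."""
    users = parse_section(config, "user local")
    groups = parse_section(config, "user group")
    members = {m for g in groups.values() for m in g.get("member", [])}
    return sorted(name for name, s in users.items()
                  if s.get("two-factor", ["disable"])[0] != "disable"
                  and name not in members)
```

On the constructed sample, `unenforced_token_users(SAMPLE)` reports `jhon`, whose token definition sits in no group; adding `"jhon"` to the `set member` line of the group clears the finding.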
Copyright 2024 Fortinet, Inc. All Rights Reserved.