Hello Community,
i am absolute newbie to Fotigate. My network configuration is as follows:
The domain controller is located at the NAS1 192.168.17.201, the domain is local.XXXX.it.
My DNS settings are as follows:
However, when I ping my domain controller with execute ping local.XXXX.it I get a response from the IP of the host of my website www.XXXX.it (courtesy page). What is wrong here?
In fact, I cannot register to the LDAP Server:
Anyone can help?
Thanks in advance.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I have created a separate group for domain users. Unfortunately, it still doesn't work.
If you are using ipsec make sure that in the settings of the vpn tunnel under XAUTH you have selected the newly created group for domain users or if you are using ssl vpn then check you firewall policy for ssl vpn .
On the client side use username for login not username@domain.xx
I am using ipsec. All the issues you have mentioned have been verified. Unfortunately, it still doesn't work.
What I have to mention is that the PC from which I want to connect via VPN is not registered in the domain. Could this be the problem?
You do not need to register that pc to ad . In ldap setting on fortigate you have 2 debug tools, Test Connectivity and Test user credentials . First you must use this tools to be sure that everything is set correctly in fortigate .
Also post your actual config .
(ad-ldap-new) # show
config user ldap
edit "ad-ldap-new"
set server "192.168.0.15"
set cnid "sAMAccountName"
set dn "dc=mydomain,dc=local"
set type regular
set username "myusername@mydomain.local"
set password ENC mypassword
next
end
# show
config vpn ipsec phase1-interface
edit "roadw"
set type dynamic
set interface "port6"
set mode aggressive
set peertype any
set net-device disable
set mode-cfg enable
set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1
set comments "VPN: roadw"
set wizard-type dialup-forticlient
set xauthtype auto
set authusrgrp "vpn-ldap-new"
set ipv4-start-ip 172.16.16.100
set ipv4-end-ip 172.16.16.200
set dns-mode auto
set ipv4-split-include "RoadW-sediu_split"
set save-password enable
set psksecret mysecret
next
end
gpojer wrote:So the vpnusers group has now a local user and a domain user.
I think you need to create a separate vpn group for domain users .
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1641 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.