Sven_Jacobs1
New Contributor

LDAP Auth changed UPN

We are installing an Office 365 hybrid setup to migrate our mailboxes to the cloud. For this we need to change our AD UPN from domain.local to domain.com. After this, users that have a domain.com UPN cannot log in anymore. In the log I get a "no matching policy" error and the user gets a -12 error in the SSL VPN client. I have all the users defined on the Fortinet with a token and password LDAP to our domain controllers. They are members of an SSL group on the firewall and that group is in the policy.
Carl_Wallmark
Valued Contributor

Hi Sven, what does your LDAP filter look like on the FortiGate?

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

Sven_Jacobs1
New Contributor

I do not use a filter ... here is my config, which seems very basic?

    config user ldap
        edit "SRV-ADS01"
            set server "X.X.X.X"
            set cnid "sAMAccountName"
            set dn "DC=domain,DC=local"
            set type regular
            set username "<USER>"
            set password <PASSWORD>
        next
    end

If I do a test it seems OK?

    FWBE01 (FWBE) # diagnose test authserver ldap SRV-ADS01 user pass
    authenticate 'user' against 'SRV-ADS01' succeeded!
Sven_Jacobs1
New Contributor

If I change the Common Name Identifier from "sAMAccountName" to "userPrincipalName" I can log on with user@domain.com
Dipen
New Contributor III

Hi, how is your user group configured? Is Match Server Group set to Any, or has a specific group been defined?

Ahead of the Threat. FCNSA v5 / FCNSP v5

Fortigate 1000C / 1000D / 1500D

 
