LDAP Connected but I cannot assign in Firewall any AD groups
Hi,
I have added my AD LDAP and it has status connected. Now I would like to create a firewall policy with source set to AD user groups, but I don't have any group from AD listed here. How could I troubleshoot this?
Hello Tutek,
Have you added the AD groups in a user group(s)? The user groups should then be visible in firewall policies.
Best Regards,
Alivo
Hi, I created local groups and assigned this group to the group of the same name on the remote NPS server.
You can't mix local and LDAP users in the same group. Create a new user group and put the LDAP object you created in it as a member, then use this group as the source in the rules.
As you can see in this KB:
it is possible to choose AD groups in a firewall policy.
When I create a firewall policy and, under users, select Entry --> User, my AD groups are not listed here. Why?
Hello Tutek, the doc is about FSSO, not LDAP. Although you may see them as LDAP groups, which in fact they are,
they belong to a different table in FortiGate > adgrp. This is used for passive authentication > Fortinet Single Sign On.
Since you added LDAP groups, as you wrote in your initial post, you have chosen active authentication, meaning users will be prompted for their credentials.
What is your goal exactly?
Best Regards,
Alivo
I would like to have the ability to choose my polled AD group directly in the firewall policy, as shown here.
I have configured agentless polling to my domain controller and checked two AD groups to poll, but when I create a firewall policy and click Source, then Select Entry "User", I don't see any of my AD groups here.
Hello Tutek,
1. which firmware are you using?
2. What is the source interface in the policy?
3. What is the output of: sh us adgrp
Thank you.
Best Regards,
Alivo
1. v6.4.5 build5653 (GA)
2. I want to restrict Internet access only to "Domain users" polled from AD, so the source interface is my LAN.
3.
FGT # sh us adgrp
config user adgrp
end
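The two approaches discussed in this thread side by side, as an added FortiOS CLI example that is not from the thread or from Fortinet's documentation: path A is the "new user group with the LDAP object as member" answer (active authentication), path B is FSSO agentless polling (passive authentication), which is what populates the adgrp table that the final `sh us adgrp` output shows empty. Server names, addresses, DNs and account names are placeholders; lines starting with # are annotations, and the exact option names are assumed to match the 6.4 firmware in the thread.

```fortios
# --- Path A: active (LDAP) authentication; users get a credential prompt ---
config user ldap
    edit "AD-LDAP"                      # placeholder LDAP server object
        set server "10.0.0.10"          # placeholder domain controller
        set cnid "sAMAccountName"
        set dn "DC=example,DC=com"
        set type regular
        set username "CN=fgt-bind,CN=Users,DC=example,DC=com"  # read-only bind account
        set password <bind-password>
    next
end
config user group
    edit "LDAP-Domain-Users"
        set member "AD-LDAP"            # the LDAP object, never mixed with local users
        config match                    # limit the group to one AD group, not any AD account
            edit 1
                set server-name "AD-LDAP"
                set group-name "CN=Domain Users,CN=Users,DC=example,DC=com"
            next
        end
    next
end

# --- Path B: passive authentication (FSSO agentless polling) ---
# Groups listed under adgrp are learned from the DC; only then can an FSSO group use them.
config user fsso-polling
    edit 1
        set status enable
        set server "10.0.0.10"
        set user "fgt-poll"             # account allowed to read the DC security event log
        set password <poll-password>
        set ldap-server "AD-LDAP"       # reuses the LDAP object above for group lookup
        config adgrp
            edit "CN=Domain Users,CN=Users,DC=example,DC=com"
            next
        end
    next
end
config user group
    edit "FSSO-Domain-Users"
        set group-type fsso-service
        set member "CN=Domain Users,CN=Users,DC=example,DC=com"
    next
end
```

Either group is then selectable under the policy's Source > User (in the CLI, `set groups "LDAP-Domain-Users"` on the policy). An empty `config user adgrp` / `end` like the one above means no groups have been learned from polling yet, so check that the polling entry is enabled and actually reaches the DC before expecting the FSSO group to appear.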