Local user authentication. Captive portal alternative?
Scenario: Small office with users and no AD-Domain.
Is it possible to have a local agent installed (FortiClient? Anything else?) on each computer, logged in with a username/password, and have that information sent to the FortiGate when accessing rules etc. instead of manually having to log on/into the captive portal every day?
The end goal is to enter the username/password once on each computer and identify the users automatically.
Any input appreciated!
Hi dontmindme,
In case you do not have a centralized solution for user authentication, I'm afraid there is not much that can be done to fulfill your requirement.
The easiest way of doing this would be to:
1. Deploy AD and join all PCs to the domain
2. Configure a local FSSO poller on the FortiGate.
3. Use the FSSO groups in the appropriate policies.
As a result - the user logged in to his PC will generate a logon event on the AD.
That logon event will be polled by a local FSSO poller and the logon event for that user will be generated on the Fortigate.
Regards,
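
Steps 2 and 3 of the answer above, sketched as FortiOS CLI. This is an added example, not part of the original post; every name, address, DN and password is a constructed placeholder (`AD-LDAP`, `svc-fsso`, `192.0.2.10`, `example.local`, the interface names), and the `#` lines are annotations for the reader. It assumes the AD from step 1 already exists and that the poller account is a dedicated, low-privilege service account allowed to read the domain controller's security event log.

```fortios
# LDAP profile the poller uses to look up group membership
config user ldap
    edit "AD-LDAP"
        set server "192.0.2.10"
        set cnid "sAMAccountName"
        set dn "dc=example,dc=local"
        set type regular
        set username "svc-fsso@example.local"
        set password <placeholder-password>
    next
end

# Step 2: local FSSO poller that reads logon events from the DC
config user fsso-polling
    edit 1
        set status enable
        set server "192.0.2.10"
        set user "svc-fsso"
        set password <placeholder-password>
        set ldap-server "AD-LDAP"
        config adgrp
            edit "CN=Office-Users,OU=Groups,DC=example,DC=local"
            next
        end
    next
end

# Step 3: FSSO-type user group, then reference it in the policy
config user group
    edit "FSSO-Office-Users"
        set group-type fsso-service
        set member "CN=Office-Users,OU=Groups,DC=example,DC=local"
    next
end
config firewall policy
    edit 0
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set groups "FSSO-Office-Users"
    next
end
```

The `member` value must match the group name exactly as the FortiGate stores it under `adgrp`. Traffic from an address with no polled logon event will not match the policy's group.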
So from your description I would assume you have to integrate any authentication source, like FortiAuthenticator, LDAP, AD or RADIUS with NPS and/or a Certification Authority for cert-based authentication. Maybe, if the customer is using an AzureAD for its O365 services, the SAML auth feature may be a solution...?
FCNSA 5, FCNSP 5, NSE 4
OK, it seems that this is not a workable solution then. The computers are stand-alone and I was looking for a solution to authenticate the users in another way than captive portal. Setting up an AD for the purpose and joining computers is an overkill solution to a simple local setup.
Sadly accepting this as a solution.
Thank you!