Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sebabert
New Contributor

MAB and LDAP

Hi all,

I'm trying to understand if it is possible to authenticate non-802.1X compliant devices (e.g. printers) via LDAP.

I've deployed FAC VM and MAB is possible only with local users and groups. It is correct?

 

Thanks for your help.

Sebastiano Bertoli

1 REPLY 1
xsilver_FTNT
Staff
Staff

Hi,

hope you found out.

But just in case .. 

 

1. set your devices with their MAC addresses to Authentication > User Management > MAC Deices

2. set those individual MAC Devices into group Authentication > User Management > User Groups > Create New > set Type = MAC and select your devices from step (1)

3. let's say we are on 6.1 version where the Authentication > RADIUS Service is split between Clients and Policies, so set up new policy for your network with Authentication Type set to 'MAC authentication bypass (MAB)'.

Then in Identity Source > Authorized Groups you should be able to choose group created in step (2)

4. finish policy creation, and I would move it above other policies to sort of exempt those MAC address defined devices from further authentication attempts.

 

More can be found in Admin guides when you click the (?) icon in top right corner of FAC GUI.

For example: https://docs.fortinet.com...-guide/416152/policies

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors