Hello everyone, I'm here and a beginner to
I'm using a FortiGate 60E. I set up an LDAP server and linked it successfully to the FortiGate, and I set up group users. The problem is that the group members can't log in, while when I set the groups to any they can log in successfully. I'm using OpenLDAP. Here is my diagnose test and my OpenLDAP configuration. Thanks.
[2116] handle_req-Rcvd auth req 526552581 for admin in LDAP opt=0000001b prot=0
[352] __compose_group_list_from_req-Group 'LDAP'
[605] fnbamd_pop3_start-admin
[1001] __fnbamd_cfg_get_ldap_list_by_server-Loading LDAP server 'LDAP'
[867] resolve_ldap_FQDN-Resolved address 192.168.0.102, result 192.168.0.102
[1143] build_search_base-search base is: dc=localhost,dc=ma
[1263] fnbamd_ldap_init-search filter is: cn=admin
[489] create_auth_session-Total 1 server(s) to try
[263] start_search_dn-base:'dc=localhost,dc=ma' filter:cn=admin
[1649] fnbamd_ldap_get_result-Going to SEARCH state
[2781] auth_ldap_result-Continue pending for req 526552581
[296] get_all_dn-Found DN 1:cn=admin,dc=localhost,dc=ma
[310] get_all_dn-Found 1 DN's
[344] start_next_dn_bind-Trying DN 1:cn=admin,dc=localhost,dc=ma
[1697] fnbamd_ldap_get_result-Going to USERBIND state
[2781] auth_ldap_result-Continue pending for req 526552581
[570] start_user_attrs_lookup-Adding attr 'memberOf'
[591] start_user_attrs_lookup-base:'cn=admin,dc=localhost,dc=ma' filter:cn=*
[1753] fnbamd_ldap_get_result-Entering CHKUSERATTRS state
[2781] auth_ldap_result-Continue pending for req 526552581
[793] get_member_of_groups-Get the memberOf groups.
[820] get_member_of_groups-attr='memberOf' - found 0 values
[1785] fnbamd_ldap_get_result-Auth accepted
[1921] fnbamd_ldap_get_result-Going to DONE state res=0
[2595] fnbamd_auth_poll_ldap-Result for ldap svr 192.168.0.102 is SUCCESS
[2615] fnbamd_auth_poll_ldap-Skipping group matching
[895] find_matched_usr_grps-Skipped group matching
[182] fnbamd_comm_send_result-Sending result 0 (error 0, nid 0) for req 526552581
[634] destroy_auth_session-delete session 526552581
authenticate 'admin' against 'LDAP' succeeded!
FortiGate-VM64-KVM # diagnose test authserver ldap LDAP admin123 123456
[2116] handle_req-Rcvd auth req 526552582 for admin123 in LDAP opt=0000001b prot=0
[352] __compose_group_list_from_req-Group 'LDAP'
[605] fnbamd_pop3_start-admin123
[1001] __fnbamd_cfg_get_ldap_list_by_server-Loading LDAP server 'LDAP'
[867] resolve_ldap_FQDN-Resolved address 192.168.0.102, result 192.168.0.102
[1143] build_search_base-search base is: dc=localhost,dc=ma
[1263] fnbamd_ldap_init-search filter is: cn=admin123
[489] create_auth_session-Total 1 server(s) to try
[263] start_search_dn-base:'dc=localhost,dc=ma' filter:cn=admin123
[1649] fnbamd_ldap_get_result-Going to SEARCH state
[2781] auth_ldap_result-Continue pending for req 526552582
[296] get_all_dn-Found DN 1:cn=admin123,cn=Administrateur,ou=groups,dc=localhost,dc=ma
[310] get_all_dn-Found 1 DN's
[344] start_next_dn_bind-Trying DN 1:cn=admin123,cn=Administrateur,ou=groups,dc=localhost,dc=ma
[1697] fnbamd_ldap_get_result-Going to USERBIND state
[2781] auth_ldap_result-Continue pending for req 526552582
[570] start_user_attrs_lookup-Adding attr 'memberOf'
[591] start_user_attrs_lookup-base:'cn=admin123,cn=Administrateur,ou=groups,dc=localhost,dc=ma' filter:cn=*
[1753] fnbamd_ldap_get_result-Entering CHKUSERATTRS state
[2781] auth_ldap_result-Continue pending for req 526552582
[793] get_member_of_groups-Get the memberOf groups.
[820] get_member_of_groups-attr='memberOf' - found 0 values
[1785] fnbamd_ldap_get_result-Auth accepted
[1921] fnbamd_ldap_get_result-Going to DONE state res=0
[2595] fnbamd_auth_poll_ldap-Result for ldap svr 192.168.0.102 is SUCCESS
[2615] fnbamd_auth_poll_ldap-Skipping group matching
[895] find_matched_usr_grps-Skipped group matching
[182] fnbamd_comm_send_result-Sending result 0 (error 0, nid 0) for req 526552582
[634] destroy_auth_session-delete session 526552582
authenticate 'admin123' against 'LDAP' succeeded!
Thanks, I fixed it. The problem was that the groups I set were POSIX groups,
and I enabled memberOf "groupOfNames".
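
The symptom visible in the debug output above (the bind is accepted while the memberOf lookup returns 0 values) can be picked out of a longer fnbamd capture automatically. This is an added example, not part of the original posts or of any Fortinet tooling; the sample log is constructed, and the line showing a non-zero memberOf count is an assumption about the log format.

```python
import re

# Constructed sample in the format of the fnbamd debug output shown above.
# The "found 1 values" line is an assumed format, not taken from the page.
SAMPLE = """\
[2116] handle_req-Rcvd auth req 1001 for alice in LDAP opt=0000001b prot=0
[296] get_all_dn-Found DN 1:cn=alice,ou=people,dc=example,dc=test
[820] get_member_of_groups-attr='memberOf' - found 0 values
[1785] fnbamd_ldap_get_result-Auth accepted
[634] destroy_auth_session-delete session 1001
[2116] handle_req-Rcvd auth req 1002 for bob in LDAP opt=0000001b prot=0
[296] get_all_dn-Found DN 1:cn=bob,ou=people,dc=example,dc=test
[820] get_member_of_groups-attr='memberOf' - found 1 values
[1785] fnbamd_ldap_get_result-Auth accepted
[634] destroy_auth_session-delete session 1002
"""

REQ = re.compile(r"handle_req-Rcvd auth req (\d+) for (\S+) in (\S+)")
DN = re.compile(r"get_all_dn-Found DN \d+:(.+)$")
ATTR = re.compile(r"get_member_of_groups-attr='([^']+)' - found (\d+) values")
END = re.compile(r"destroy_auth_session-delete session (\d+)")

def summarize(log_text):
    """Return one dict per completed auth request in fnbamd debug output."""
    sessions, cur = [], None
    for line in log_text.splitlines():
        if m := REQ.search(line):
            cur = {"req": m[1], "user": m[2], "server": m[3], "dn": None,
                   "group_values": None, "accepted": False}
        elif cur is None:
            continue  # output before the first request header
        elif m := DN.search(line):
            cur["dn"] = m[1].strip()
        elif m := ATTR.search(line):
            cur["group_values"] = int(m[2])
        elif "Auth accepted" in line:
            cur["accepted"] = True
        elif END.search(line):
            sessions.append(cur)
            cur = None
    return sessions

def bind_ok_but_no_groups(sessions):
    """Users whose bind succeeded while the group attribute came back empty."""
    return [s["user"] for s in sessions
            if s["accepted"] and s["group_values"] == 0]

if __name__ == "__main__":
    print("no group data:", bind_ok_but_no_groups(summarize(SAMPLE)))
```
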