Hi,
I saw many posts but no solution that worked for us. Since yesterday, after the update to 7.4.4 we cant connect via SSL VPN with LDAP and FortiToken Users. Local Users are working fine. We tried with different users (NO user can connect and we have like at least 20 per day), different PCs and different Forticlient Versions.
We did not change anything from yesterday and on the other office with FG100F and 7.4.3 it still works without any problem with the same LDAP configuration.
Is it possible that this is a bug in 7.4.4. Any ideas o suggestions?
Thanks!
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
solved, with the certificates loaded on the FW we can connect without any problems.
Thanks
Hello RolandBaumgaertner72,
It may be related to the Root CA enforcement which requires the LDAP server certificate to be installed on the Fortigate, please refer to the link below:
Hi,
but how can I install certificate issuer (the root CA) on the FortiGate store or do I have to download the root certificate from the FortiGate and install it on the endpoint's certificate store and mark it as trusted??
Do you have some more information?
Thanks!
Hey Roland,
the FortiGate is client to the LDAP server in this instance - so you need to get the root CA of the LDAP server certificate, and upload that root CA to FortiGate, to ensure it trusts the LDAP server certificate (and its issuer).
As to how to install it:
1. Download the CA certificate that signed the LDAP server certificate
2. Log into FortiGate
3. Go to System > Certificate Management
4. Click on 'Create New/Import', then CA Certificate
5. Select the certificate, and click OK
That should install the certificate in question, and the LDAP server certificate should be trusted in the future.
Cheers,
Debbie
That should do it;
Under User & Authentication > LDAP Servers > Edit, are you able to 'Test User Credentials'? What is the connection status?
Regards,
Hi,
solved, with the certificates loaded on the FW we can connect without any problems.
Thanks
Could you share the steps to export the Windows AD root cert?
Hello Hungry_Panda,
Could you please check these two documents? The steps to export the certificate are included here:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-export-root-CA-from-Certificate-Aut...
I followed those instructions. I can connect with LDAPS and pass User Credential Test, but when I enable "Certificate", I lose Connectivity. And VPN still fails with AD account even though that account will .
Hi,
we just copied our certificate (export) in the certificates option of the FG and after that it worked ;)
Try it out!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1720 | |
1093 | |
752 | |
447 | |
234 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.