I've followed this guide meticulously for our LDAP configuration on our Fortigate 80F. See below:
The authentication and group assignment are working perfectly, including the CLI commands for diagnosing the delegation and confirming you can change a user password from Fortigate, command example below:
dia test authserver ldap testdomain jdoe OldPassword1234#
However, when using the web GUI to get to admin and subsequently an account which is set to reset on next logon, I get the change password screen and copy/paste the old and new passwords (to ensure I'm not getting it wrong!), but I consistently get an error saying "Invalid Old Password". I know the password is correct, and if I immediately go to the CLI and run the diagnose command above, it works perfectly. So I know it's not an LDAP issue or an issue in the config of the LDAP server on Forti.
Any ideas on this one? For further clarification the password has special characters both before and after, and also adheres to the password policy both before and after.
Aside from this, LDAP authentication is working perfectly.
Hi,
What is your FGT version?
There is a ticket ID 782158 - "The ç character is not accepted by an LDAPS password change" - that means that pass change doesn't work if your pass contains non-ASCII characters, and the issue is solved on v7.2.1.
https://docs.fortinet.com/document/fortigate/7.2.1/fortios-release-notes/289806/resolved-issues
BR
We're on 7.0.10, although contemplating patching it anyway as I had a feeling this would be the case!
That's a good find, thank you. I searched high and low but couldn't find anything related. I think I'll confirm it by changing the policy temporarily to allow all ASCII, then get the update in.
I'm guessing there's no update available for the 7.0 range (e.g. take to 7.0.11), and instead I need to stage it right through to 7.2.1?
Hi,
Unfortunately at the moment there is no fix available on 7.0.x, the fix is only available on v7.2.1 and above.
BR
That's a shame - but a good excuse to upgrade!
I've confirmed it now between another site (7.2.1+) and it's consistent, works fine.
Upgrade incoming... Thanks for your help
Eh, sorry, at least we have a solution :)
Happy to help!