Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
gthalassinos
New Contributor II

Created on ‎02-21-2023 12:11 AM

Show current LDAP users and force refresh of names and credentials

A Windows user was disabled at a client site and I was asked to verify whether he was still present and operational in the Firewall (and the SSL VPN users) and, if he was, I should disable/remove him.

 

First of all I found no means of getting the current known LDAP users in the FortiGate database. I could get the names of all the LDAP users if I tried to add a new remote user, but I am not sure that is a list from the Firewall database or an active one via the LDAP connectivity.

 

Then I tried to disable the user via a password change in the Windows AD. When I went to the LDAP Server to check the change via Test User Credentials, I would get a positive check whether I input the old or the new password.

 

Of course, in time, things settled and there was no positive check with the old password. Still I need a way to

1) display actual current LDAP user names known to the Firewall

2) force a refresh of the LDAP user names and their credentials

 

Any help will be greatly appreciated. Thanks in advance.

 

------------------------------------------------------------------------

FortiGate 50E, FortiOS v6.2.12 build1319 (GA) [latest available patch]

Labels:
9974
0 Kudos
1 Solution
srajeswaran
Staff
Staff

Created on ‎03-04-2023 11:12 PM

You can view the cached users list as below.

1) Go to User & Devices -> User Definition -> Create New.
2) On 'User Type', choose 'Remote LDAP user' and select 'Next'.
3) On 'LDAP Server', select the LDAP server name and select 'Next'.


There is also option "Discard cache and download latest entries" as in below screenshot

srajeswaran_0-1678000165940.png

 

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

View solution in original post

9877
7 REPLIES 7
srajeswaran
Staff
Staff

Created on ‎02-21-2023 01:56 AM

Ideally the user should be present under "Monitor -> Firewall User Monitor" or "Monitor -> SSL-VPN Monitor".

You don't see the users here?

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
9959
0 Kudos
gthalassinos
New Contributor II
In response to srajeswaran

Created on ‎02-28-2023 02:13 AM

Hello Suraj,

 

I apologize for the delayed response. I am new to the Community and expected to be notified of any reply to my question via email, but that did not happen. And the "Email me when someone replies" option is checked.

 

No, I do not see users' names under Monitor, I only see the Forti User Group which lists the LDAP Server as its sole member which in turn shows a sole AD Security Group as selected. Which is fine, configuration wise, but not at all practical in the mentioned situation.

9929
0 Kudos
srajeswaran
Staff
Staff
In response to gthalassinos

Created on ‎02-28-2023 10:56 PM

I just checked in my device running 6.2 and I can see the active users are visible under the Monitor TAB. Non active users are not visible on FW list.

 

Active SSL VPN users:

srajeswaran_0-1677653745524.png

 

Active Firewall users:

srajeswaran_1-1677653764968.png

 

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
9912
0 Kudos
Yurisk
SuperUser
SuperUser

Created on ‎03-01-2023 01:22 AM

Hi, 

what kind of LDAP integration you have - LDAP polling, FSSO agent ?

If you have FSSO Agent kind, then inside FSSO Agent GUI you can clear the cache  Collector Agent GUI -> Show Logon Users -> Clear user cache

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
9906
0 Kudos
gthalassinos
New Contributor II
In response to Yurisk

Created on ‎03-04-2023 01:27 PM

Hi Yurisk,

 

I can not tell the type of integration. If it is a creation parameter I would not know anyway since I was not the one who set this up. Whatever the case may be, I do not seem to find the Collector Agent GUI in order to follow your instructions.

 

Regards

9885
0 Kudos
gthalassinos
New Contributor II

Created on ‎03-04-2023 01:23 PM

I probably do not relay info in the correct manner. Here are screenshots from the firewall.

 

Under "User & Device" > "User Groups" there is an "SSL_VPN_Users_Group" whose Member is the LDAP Server "Windows_AD"

gthalassinos_0-1677963476699.png

 

Under LDAP Servers there is only one Server : the aforementioned "Windows_AD"

gthalassinos_2-1677963911780.png

with the following configuration : 

gthalassinos_1-1677963887938.png

I am not trying to see Active Users' Names in the Monitor section.

I am trying to find a list of all actual Windows users in the "SSL_VPN_Users_Group" that are synced from the Windows Server and can *potentially* log in.

 

When I used the "Test User Credentials" feature, I was able to get a Successful result both with the old password as well as with the new. I assume therefore that there exists a cache which had not been cleared or fully resynced and allowed for both passwords to be accepted as correct.

 

I hope what I am saying is clearer now.

 

Thanks again. I am still not getting notified of your replies.

9885
0 Kudos
srajeswaran
Staff
Staff

Created on ‎03-04-2023 11:12 PM

You can view the cached users list as below.

1) Go to User & Devices -> User Definition -> Create New.
2) On 'User Type', choose 'Remote LDAP user' and select 'Next'.
3) On 'LDAP Server', select the LDAP server name and select 'Next'.


There is also option "Discard cache and download latest entries" as in below screenshot

srajeswaran_0-1678000165940.png

 

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
9878
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.