Will FAC ever support being a member of multiple LDAP/AD domains? I was a bit surprised to find out that it cannot be. I understand that in normal situations a machine cannot be a member of multiple domains, but I figured NAC would be able to.
We have a few different internal domains, with large numbers of users, and not being able to do automatic grouping against LDAP OU/CN membership is a pretty big burden.
Hi ergotherego,
Look into FAC 4.2 What's New, page 7. Yes, it's been added recently.
http://docs.fortinet.com/uploaded/files/3384/fortiauthenticator-v4.2-release-notes.pdf
Best regards,
Tomas
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Yep appears to be working. I was able to join multiple domains w/o error.
I guess I was misreading that new feature. The title says:
Support multiple domains for non-AD remote LDAP users
So I thought it wouldn't work against Active Directory.
Thanks!
Copyright 2024 Fortinet, Inc. All Rights Reserved.