mazu74
New Contributor

VPN IPSec and Active Directory authentication

Hi,

I configured VPN IPSec on my FG90D:

* L2TP:

    config vpn l2tp
        set eip xx.xx.xx.83
        set sip xx.xx.xx.81
        set status enable
        set usrgrp "VPN-group"
    end

* VPN-group contains:
  - 1 local user
  - my 2 LDAP servers (Windows Active Directory)
* Object Address "VPN-clients" with IP Range = xx.xx.xx.81 to xx.xx.xx.83
* Tunnel IPSec with Remote Gateway = Dialup User
* And finally 2 policies.

On my Windows 7 client with the native Windows connection, it's OK only with the local user defined in the FortiGate, but not with my Active Directory administrator, also defined in the FortiGate, even though my LDAP servers are correctly defined: diag test is OK.

I tried debugging with "diag debug application fnbamd -1", but I only have:

    fnbamd_fsm.c[1763] handle_req-Rcvd auth req 87 for MyDomain\Administrateur in VPN-group opt=0 prot=4
    fnbamd_fsm.c[306] __compose_group_list_from_req-Group 'VPN-group'
    fnbamd_pop3.c[573] fnbamd_pop3_start-MyDomain\Administrateur
    fnbamd_auth.c[300] radius_start-Didn't find radius servers (0)
    fnbamd_auth.c[685] auth_tac_plus_start-Didn't find tac_plus servers (0)
    fnbamd_fsm.c[368] create_auth_session-Error starting authentication
    fnbamd_fsm.c[1774] handle_req-Error creating session
    fnbamd_comm.c[169] fnbamd_comm_send_result-Sending result 3 for req 87

With "diag test authserver ldap MyServerLDAP MyUserName MyPassword" it's OK!!! I have multiple lines beginning with "fnbamd_ldap".

Help please. Thanks.
Steph
2 REPLIES
mazu74
New Contributor

It's OK. Also, I must add LDAP users individually in USER DEFINITION with the option "Match user on LDAP server" and add these users to the VPN L2TP group (VPN-group). Don't forget to specify the LAN DNS server in "System \ Network \ DNS". Thanks
Marco
New Contributor III

And use PAP on the Client... CHAP isn't supported with LDAP (for PPTP, L2TP, IPSEC VPN).

->  FortiOS 5.4 Online Help  >  Chapter 4 - Authentication  >  Configuring authenticated access
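
Added example, not part of the thread and not FortiOS code: a simplified Python model of the PAP/CHAP point in the last reply, using the RFC 1994 CHAP formula. The class, function names, accounts and passwords are all hypothetical and constructed for illustration; the model assumes the directory only offers a bind operation and never releases a cleartext password to the gateway.

```python
import hashlib
import hmac
import os

class BindOnlyDirectory:
    # Constructed stand-in for an LDAP server: keeps a salted hash, answers binds.
    def __init__(self):
        self._salt = os.urandom(16)
        self._hashes = {}

    def _kdf(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 50_000)

    def add_user(self, user, password):
        self._hashes[user] = self._kdf(password)

    def simple_bind(self, user, password):
        stored = self._hashes.get(user)
        return stored is not None and hmac.compare_digest(stored, self._kdf(password))

def chap_response(identifier, secret, challenge):
    # RFC 1994: Response = MD5(Identifier || secret || Challenge)
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()

def gateway_pap(directory, user, password):
    # PAP hands the gateway the password itself, so it can be replayed as a bind.
    return directory.simple_bind(user, password)

def gateway_chap(local_secrets, user, identifier, challenge, response):
    # CHAP hands the gateway only a hash; checking it needs the cleartext secret.
    secret = local_secrets.get(user)
    if secret is None:
        return None  # nothing to compare against, and a bind needs a password
    return hmac.compare_digest(chap_response(identifier, secret, challenge), response)

def run_demo():
    directory = BindOnlyDirectory()
    directory.add_user("aduser", "Dir-Passw0rd")     # constructed directory account
    local_secrets = {"localuser": "Local-Passw0rd"}  # constructed local account
    ident, challenge = 1, os.urandom(16)
    local_resp = chap_response(ident, "Local-Passw0rd", challenge)
    dir_resp = chap_response(ident, "Dir-Passw0rd", challenge)
    return {
        "chap_local": gateway_chap(local_secrets, "localuser", ident, challenge, local_resp),
        "chap_directory": gateway_chap(local_secrets, "aduser", ident, challenge, dir_resp),
        "pap_directory": gateway_pap(directory, "aduser", "Dir-Passw0rd"),
    }
```

With L2TP over IPsec, the PAP exchange is carried inside the IPsec-protected tunnel rather than in the clear on the wire.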
