I configured FG100E to get access using SSL and LDAP. Everything seems Ok. I can reach the LDAP Server, I can see organizational units and even create users (LDAP and RADIUS also) but when I tried to get access from the web portal it shows "Error:Permission Denied". The Portal works properly with local users which are created in the FG. But not for those who are created with the LDAP Process. Someone who knows what is missed?
By the way I am using Windows 2016 Std and FGE100 v. 5.4
Thanks!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Do you have a proper policy from ssl.root to internal destination interface that has a user group specified? That user group needs to have the LDAP server as a member. If you sniff packets with "any" interface specifying the LDAP server IP as host, you wouldn't see any auth request packets coming out of FG100E when you hit with SSL VPN attempt if the policy is not configured properly.
Yes I have the Policy from ssl.root to our internal interface and also I added the group with the Ldap users. In the same Group I included local users and those are working properly. So that means that the Policy is working Properly ...and also the SSL configuration.
Have you sniffed the auth request came out toward the server when you attempt a connection?
If you think everything is correctly configured, next action I would take is open a TT at TAC.
It was solved already! For some reason at the LDAP configuration if we left the Top value of the domain, The FG will just take the "users container" but not the users which are located at the other OUs. So in the field I put the OU where my users are located and it worked!
e.g. Distinguished Name DC=Contoso,Dc=Local was replaced by OU=Unit1,DC=Contoso,Dc=Local and all OUs under "Unit1" which contains users will be validated using the DISPLAY NAME at the SSL Web Page (Display Name due we used cn at "Common Name Identifier" Field!
Thanks!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1734 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.