Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jyndros
New Contributor

fnbamd_ldap_result-Failed group matching

Hi,

new in FG and new here, so please forgive me if something isn't clear.

 

Short description: FG100D v6.0.1 build 0131 I want to allow logging to FG device (GUI and CLI) using AD group (update AD group for allow/deny logging to device). So I've setup LDAP server, User Group that includes AD server and Admin user with that UserGroup. Next to LDAP I also have setup Radious > point to MS NPS - this is use for L2TP VPN access. Now - when I add a user to the related AD group for logging it does not work and end with:    - debug application fnbamd -1 shows: fnbamd_ldap_result-Failed group matching    - sustem Event shows: Administrator admin_test login failed from https(IP) because of invalid password However, If I add the admin_test AD account to the AD group for VPN (this group is add/setup on MS NPS server, not on the FG device), then admin_test AD account can successfully login to the FG. Question: What I'm doing wrong? Attached is a file with settings and debug log. Many thanks in advance. jyndros

 

3 REPLIES 3
jyndros
New Contributor

Hi experts, no one can help me?

leredz
New Contributor

wow was hoping to find an answer for that

Nico2
New Contributor

Hello,

I've solved this by adding the group in the firewall policy rule.

Best regards,

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors