Dear people, please cooperate in this problem. You already have AD and FortiGate LDAP configured correctly, but it happens to me only with a few random users that when they change the password, it expires sooner in the FortiClient VPN, throwing error -7200, therefore the password must be re-entered without change option in AD and it works again. It is tested with a VPN account without LDAP and it connects, ruling out a VPN problem.
Does anyone know why this happens and how it can be solved? The configuration works correctly for everything else, but it only happens to me with 3 or 4 users at random.
Hi,
That is an interesting description. Note however that the FortiClient or FortiGate do not have influence on the password. It isn't stored and as such cannot expire; this is AD controlled and they might have some GPO valid for them that dictates a lower validity timer for the password.
Any authentication will always be fully tried against the FGT (from FortiClient viewpoint) and to LDAP (from FortiGate viewpoint). A response from LDAP about an expired password will then be plainly forwarded back the chain to the endpoint.
Alternatively it could be a misinterpretation, such that the error is not with an expired password but another error. -7200 is generic.
Debug on FortiGate can always help:
diag debug console timestamp enable
diag debug app fnbamd -1
diag debug app sslvpn -1
diag debug enable
Best regards,
Markus
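Since the reply above places password expiry on the AD side, the following added example (not part of the original thread) shows one way to check what AD itself reports for the affected accounts. It assumes the RSAT ActiveDirectory PowerShell module and read access to the domain; the account names are placeholders.

```powershell
# Added example: report the AD-side password state for accounts that fail VPN login.
# Assumes the RSAT ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

# Placeholder account names (constructed); replace with the affected VPN users.
$users = @('vpnuser1', 'vpnuser2')

$default = Get-ADDefaultDomainPasswordPolicy
$never   = [Int64]::MaxValue   # value of the computed attribute when the password never expires

$report = foreach ($name in $users) {
    $u = Get-ADUser -Identity $name -Properties PasswordLastSet, PasswordNeverExpires,
             PasswordExpired, 'msDS-UserPasswordExpiryTimeComputed'

    # Fine-grained password policy (PSO) that applies to this user, if any.
    $pso    = Get-ADUserResultantPasswordPolicy -Identity $name
    $maxAge = if ($pso) { $pso.MaxPasswordAge } else { $default.MaxPasswordAge }

    # The computed attribute is a FILETIME: 0 means "must change at next logon".
    $raw     = $u.'msDS-UserPasswordExpiryTimeComputed'
    $expires = $null
    if ($null -ne $raw -and $raw -ne $never -and $raw -ne 0) {
        $expires = [datetime]::FromFileTime($raw)
    }

    [pscustomobject]@{
        User            = $u.SamAccountName
        PasswordLastSet = $u.PasswordLastSet      # empty when a change is forced at next logon
        NeverExpires    = $u.PasswordNeverExpires
        ExpiredNow      = $u.PasswordExpired
        Expires         = $expires
        DaysLeft        = if ($expires) { [math]::Floor(($expires - (Get-Date)).TotalDays) } else { $null }
        PolicySource    = if ($pso) { "PSO: $($pso.Name)" } else { 'Default domain policy' }
        MaxAgeDays      = $maxAge.TotalDays
    }
}

$report | Format-Table -AutoSize
```

Comparing `Expires` and `PolicySource` with the time the VPN login started failing shows whether AD actually considers the password expired, or whether the -7200 error has another cause that the FortiGate debug output should reveal.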
Hello, I have the same experience with AD accounts in our organization. Typically, a month before the password expires, logging in with FortiVPN stops working. It is something between 30 and 32 days. The domain has the original Microsoft settings for passwords without any GPO modifications. This happens to most users, including users with the "password never expires" option.