Technical Note: Can Domain\Username format be used when doing 802.1X LDAP authentication from wireless devices
This article explains whether the "Domain\Username" format can be used when doing 802.1X LDAP authentication from a wireless device.
Scope
FortiGate, FortiWiFi, FortiAP: Any version.
Solution
WPA2-Enterprise (802.1X) LDAP Authentication
Usernames are looked up by searching on one specific LDAP attribute, configured with the cnid setting. The default is "cn"; Active Directory usually needs "SamAccountName", since that is the attribute holding the user's logon name.
The problem with "Domain\Username" is that it is not an LDAP attribute, so there is nothing to configure cnid to that would match it. The "Domain\Username" format therefore cannot be used for 802.1X LDAP authentication: the lookup finds no entry and the authentication fails.
For reference, the LDAP user attribute is configured on FortiGate and FortiWiFi as follows:
boson-kvm40 # config user ldap
boson-kvm40 (ldap) # edit <ldap server>
boson-kvm40 (10.120.5.12) # set cnid "SamAccountName"
boson-kvm40 (10.120.5.12) # end
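As an added illustration (not code from the Fortinet article), the following Python models the attribute-based lookup described above: the search filter is (<cnid>=<username>), so the default "cn" only matches the display name, "SamAccountName" matches the Active Directory logon name, and a DOMAIN\user value matches nothing because no attribute holds that form. The directory entries and helper names are constructed for the example.

```python
# Added example, not FortiOS code: models how an 802.1X/LDAP lookup resolves a
# supplied username through one configured attribute (the FortiOS "cnid").
# SAMPLE_DIRECTORY is constructed sample data, not a real directory.
SAMPLE_DIRECTORY = [
    {"dn": "CN=Alice Smith,OU=Users,DC=example,DC=com",
     "cn": "Alice Smith", "sAMAccountName": "asmith"},
    {"dn": "CN=Bob Jones,OU=Users,DC=example,DC=com",
     "cn": "Bob Jones", "sAMAccountName": "bjones"},
]


def escape_filter_value(value: str) -> str:
    """Escape a value for an LDAP search filter (RFC 4515).

    A backslash in DOMAIN\\user becomes \\5c, so the filter is well formed,
    but the literal string 'DOMAIN\\user' is still what gets compared."""
    out = []
    for ch in value:
        if ch in "*()\\\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def build_filter(cnid: str, username: str) -> str:
    """The filter the authenticator sends: (<cnid>=<escaped username>)."""
    return "(%s=%s)" % (cnid, escape_filter_value(username))


def lookup(directory, cnid: str, username: str):
    """Return the DN of the single entry whose cnid attribute equals the
    supplied username, or None when no (or more than one) entry matches.
    Attribute names and AD logon names are compared case-insensitively."""
    matches = []
    for entry in directory:
        for attr, value in entry.items():
            if attr != "dn" and attr.lower() == cnid.lower() \
                    and value.lower() == username.lower():
                matches.append(entry["dn"])
                break
    return matches[0] if len(matches) == 1 else None


if __name__ == "__main__":
    for cnid, user in [("cn", "asmith"), ("SamAccountName", "asmith"),
                       ("SamAccountName", "EXAMPLE\\asmith")]:
        print(build_filter(cnid, user), "->", lookup(SAMPLE_DIRECTORY, cnid, user))
```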
For further details refer to the configuration guides available in the Fortinet Document Library.
