Fortiauthenticator and Netscaler

ManCarreras · ‎01-12-2022

Dear,

Recently I've deployed one 2FA with Nestscaler and Fortiauthenticator + LDAP, I've imported the LDAP users and the authentication with 2FA is working.The problem arrives whe the user password expires, How can I send the password renewal to the user?

My best regards and thank you in advance.

Anonymous · ‎01-17-2022

Hello @ManCarreras

Welcome to Fortinet community and Thank you for your post. Hopefully, you've been keeping safe and doing well!

You are trying to send password renewal to the user. We will have this looked and will reach you back as soon as possible.

You should receive an update from one of the team member soon. Thanks for your patience on this.

Regards

ManCarreras · ‎01-17-2022

Dear Aashiq,

Thanks for your reply,

I've have achieve to get the renewal password request by enabling LDAPS and MS-CHAPv2 between Netscaler 13 and Fortiauthenticator, but when the user tries to change the password returns an Invalid password message.

Regards

lmarinovic · ‎01-20-2022

Hello @ManCarreras

There is an option under Authentication --> User account policies --> General

"Request password reset after token verification"

When you disable this option password change will work, as it will first use the password change and then token after it.

Probably token is interrupting the flow of password change in this case.

https://docs.fortinet.com/document/fortiauthenticator/6.4.1/administration-guide/749421/general

For example Fortigate and Forticlinet can work with both options, but in this case Citrtix Netscaler or any other third party radius client will have to have this option disabled if it not supporting the token in the middle of flow.

Regards

Lazar Marinovic

Best regards

Lazar Marinovic

Fortiauthenticator and Netscaler

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website