onunez
Staff
Article Id 192416
Description
On some FortiGate models, such as the 20, 30, 40 and 50 series, some functionality is available only from the CLI. This guide is a reference for configuring FSSO user polling on these models.

Scope
Configuring FSSO user polling from the CLI.

Solution

Configure the LDAP server and the local FSSO agent as shown below:

config user ldap
    edit <name>
        set server <ip of server>
        set cnid sAMAccountName
        set dn <domain> (ex. dc=domain,dc=local)
        set type regular
        set username <dn of a user> (ex. CN=Administrator,CN=Users,DC=domain,DC=local)
        set password <password>
end

config user fsso
    edit "Local FSSO Agent"
        set ldap-server "AD_Server"
        set server "127.0.0.1"
    next
end


Configure the AD group:

config user adgrp
    edit "CN=Domain Users,CN=Users,dc=example,dc=local"
        set polling-id 1
        set server-name "Local FSSO Agent"
    next
end

As the last step, configure FSSO polling as follows:

config user fsso-polling
    edit 1
        set server "10.0.0.10"
        set user "EXAMPLE\\Administrator"
        set password ENC XCRATImq8g/CNu4ng
        set ldap-server "EXAMPLE_LDAP"
        config adgrp
            edit "CN=Domain Users,CN=Users,dc=example,dc=local"
            next
        end
    next
end

After completing these steps from the command line, you can go to the GUI to associate these groups with the User Groups created for use in firewall policies.


To validate the settings, use the following diagnostic commands:

# diagnose debug fsso-polling detail
# diagnose debug fsso-polling summary
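
An offline pre-check to run before pasting the blocks above, added here as an example (not part of the original article and not a Fortinet tool): it parses the CLI text and reports ldap-server, server-name and polling-id values that name no defined entry, which is easy to miss because the blocks above use different LDAP server names (<name>, "AD_Server", "EXAMPLE_LDAP"). The function names, the reference rules in REFS and the sample text are assumptions made for this illustration.

```python
import shlex
# Constructed sample based on the article's blocks ("next" omitted); the name mismatch is deliberate.
SAMPLE = """
config user ldap
edit "AD_Server"
end
config user fsso
edit "Local FSSO Agent"
set ldap-server "AD_Server"
end
config user adgrp
edit "CN=Domain Users,CN=Users,dc=example,dc=local"
set polling-id 1
set server-name "Local FSSO Agent"
end
config user fsso-polling
edit 1
set ldap-server "EXAMPLE_LDAP"
end
"""

# Assumed reference rules: (table, key, table in which the value must name an entry)
REFS = [("user fsso", "ldap-server", "user ldap"),
        ("user fsso-polling", "ldap-server", "user ldap"),
        ("user adgrp", "server-name", "user fsso"),
        ("user adgrp", "polling-id", "user fsso-polling")]

def parse(text):  # -> {table: {entry: {key: value}}}, top-level tables only
    tables, stack, entry = {}, [], None
    for tok in filter(None, map(shlex.split, text.splitlines())):
        cmd, args, top = tok[0], tok[1:], len(stack) == 1
        if top and cmd in ("next", "end"):
            entry = None  # the open top-level entry is closed
        if cmd == "config":
            stack.append(" ".join(args))  # nested tables only change depth
        elif cmd == "end" and stack:
            stack.pop()
        elif top and cmd == "edit" and args:
            entry = tables.setdefault(stack[0], {}).setdefault(args[0], {})
        elif top and cmd == "set" and entry is not None and len(args) > 1:
            entry[args[0]] = " ".join(args[1:])
    return tables

def dangling_refs(text):  # [(table, entry, key, value)] whose value names no entry
    tables = parse(text)
    return [(t, name, key, cfg[key]) for t, key, target in REFS
            for name, cfg in tables.get(t, {}).items()
            if key in cfg and cfg[key] not in tables.get(target, {})]

print(dangling_refs(SAMPLE))
```

An empty list means every reference resolves within the text that was checked; entries already present on the device are not visible to it.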


