shruthinr
Staff
Article Id 198124
Description
This article explains whether the "Domain\Username" format can be used for 802.1X LDAP authentication from a wireless device.

Scope
FortiGate, FortiWiFi, FortiAP: Any version.

Solution
WPA2-Enterprise (802.1x) LDAP Authentication

Usernames are found by searching on a specific LDAP attribute. The default is "cn". Active Directory usually needs "SamAccountName".

The problem with "Domain\Username" is that it is not an LDAP attribute, so it cannot be configured as the attribute to search on. Hence the "Domain\Username" format cannot be used for 802.1X authentication: the authentication will fail.

For information, LDAP is configured on FortiGate and FortiWiFi as follows:
boson-kvm40 # config user ldap
boson-kvm40 (ldap) # edit <ldap server>
boson-kvm40 (10.120.5.12) # set cnid "SamAccountName"
boson-kvm40 (10.120.5.12) # end
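
The following added example (not Fortinet code) models the attribute lookup described above, to show why a "Domain\Username" identity finds no entry while the bare account name does. The directory entries, the `CORP` domain name, and the equality-filter shape are assumptions made for illustration.

```python
# Added illustration, not FortiOS code: models an LDAP equality lookup on the
# attribute named by "cnid". The directory entries are constructed sample data.

DIRECTORY = [
    {"dn": "CN=Alice Example,OU=Staff,DC=corp,DC=example",
     "cn": "Alice Example", "sAMAccountName": "alice"},
    {"dn": "CN=Bob Example,OU=Staff,DC=corp,DC=example",
     "cn": "Bob Example", "sAMAccountName": "bob"},
]


def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_filter(cnid, identity):
    """Equality filter on the configured attribute (assumed filter shape)."""
    return "(%s=%s)" % (cnid, escape_filter_value(identity))


def search(cnid, identity, directory=DIRECTORY):
    """Return the DNs whose cnid attribute equals the identity as supplied."""
    wanted = identity.lower()  # modelled as a case-insensitive match
    hits = []
    for entry in directory:
        # LDAP attribute names are case-insensitive.
        attrs = {k.lower(): v for k, v in entry.items()}
        if attrs.get(cnid.lower(), "").lower() == wanted:
            hits.append(entry["dn"])
    return hits


if __name__ == "__main__":
    for cnid, identity in [("SamAccountName", "alice"),
                           ("SamAccountName", "CORP\\alice"),
                           ("cn", "alice")]:
        result = search(cnid, identity) or "no match"
        print(build_filter(cnid, identity), "->", result)
```

The third case shows why the default "cn" is usually not enough for Active Directory: the entry's "cn" holds the display name, not the logon name.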

For further details, refer to the configuration guides available in the Fortinet Document Library.
