Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Staff

Created on ‎11-16-2020 12:29 PM Edited on ‎05-25-2022 10:52 AM By Anonymous

Article Id 197058

Technical Tip: Policies not matching using LDAP groups after upgrade to 8.7.6 or 8.8.2

Description


A User record's LDAP group membership may not synchronize properly when the record is located in multiple directories.  If this occurs, the user will not properly match policies using LDAP group criteria.

Scope


Version:  8.7.6 and 8.8.2.


Workaround.

 Contact Support for a fix.   

 
Solution.
 Addressed in version 8.8.3
 
Once upgraded, navigate to System  -> Scheduler and manually run the task “Synchronize users with directory”
 
Note.
After directory sync is run, it can take some time before users start to match policies.

Workaround:
1) Back up existing /bsc/campusMgr/lib/yams-plugins.jar to another directory (/bsc/campusMgrUpdates/).

2) Stop services.

           shutdownNAC

3) Copy into place.

           cp yams-plugins.jar_patch_8_7_6 /bsc/campusMgr/lib/yams-plugins.jar
 
4) Startup services.
 
            startupNAC
 
5) Navigate to System -> Scheduler and manually run the task 'Synchronize users with directory'.
 
Note.
After directory sync is run, it can take some time before users start to match policies.
Labels:
328
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.