Configure the LDAP server as shown below:
config user ldap
    edit <name>
        set server <ip of server>
        set cnid sAMAccountName
        set dn <domain> (ex. dc=domain,dc=local)
        set type regular
        set username <dn of a user> (ex. CN=Administrator,CN=Users,DC=domain,DC=local)
        set password <password>
end
config user fsso
    edit "Local FSSO Agent"
        set ldap-server "AD_Server"
        set server "127.0.0.1"
    next
end
Configure the group address:
config user adgrp
    edit "CN=Domain Users,CN=Users,dc=example,dc=local"
        set polling-id 1
        set server-name "Local FSSO Agent"
    next
end
As a last step, configure the client-polling FSSO as follows:
config user fsso-polling
    edit 1
        set server "10.0.0.10"
        set user "EXAMPLE\\Administrator"
        set password ENC XCRATImq8g/CNu4ng
        set ldap-server "EXAMPLE_LDAP"
        config adgrp
            edit "CN=Domain Users,CN=Users,dc=example,dc=local"
            next
        end
    next
end
After completing these steps from the command line, go to the GUI to associate these settings with the User Groups created for use in firewall policies.
To validate the settings, use the following diagnostic commands:
#diagnose debug fsso-polling detail
#diagnose debug fsso-polling summary
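An offline consistency check for the steps above, added here as an example and not Fortinet's own tooling: it parses a saved copy of the CLI blocks and reports any ldap-server, server-name or polling-id value that names an object the configuration never defines. The function names, the REFS table and the sample text are assumptions constructed for illustration.

```python
import shlex
def parse_fortios(text):
    """Parse config/edit/set/next/end lines into nested dicts keyed by table and entry."""
    stack = [("root", {})]
    for raw in text.splitlines():
        cmd, *args = shlex.split(raw) or [""]
        if cmd in ("config", "edit"):
            stack.append((cmd, stack[-1][1].setdefault(" ".join(args), {})))
        elif cmd == "set":
            stack[-1][1][args[0]] = " ".join(args[1:])
        elif cmd in ("next", "end"):  # 'end' also closes an entry left open without 'next'
            while stack.pop()[0] != ("edit" if cmd == "next" else "config"):
                pass
    return stack[0][1]

REFS = [("user fsso", "ldap-server", "user ldap"),  # (table, key, table defining the object)
        ("user fsso-polling", "ldap-server", "user ldap"),
        ("user adgrp", "server-name", "user fsso"),
        ("user adgrp", "polling-id", "user fsso-polling")]

def dangling_refs(cfg):
    """Return (table, entry, key, value) for every reference to an undefined object."""
    return [(t, name, key, e[key]) for t, key, target in REFS
            for name, e in cfg.get(t, {}).items()
            if key in e and e[key] not in cfg.get(target, {})]

# Constructed sample: the LDAP object is EXAMPLE_LDAP, but the FSSO agent names AD_Server
SAMPLE = '''config user ldap
edit "EXAMPLE_LDAP"
end
config user fsso
edit "Local FSSO Agent"
set ldap-server "AD_Server"
next
end
config user adgrp
edit "CN=Domain Users,CN=Users,dc=example,dc=local"
set polling-id 1
set server-name "Local FSSO Agent"
end
config user fsso-polling
edit 1
set ldap-server "EXAMPLE_LDAP"
config adgrp
edit "CN=Domain Users,CN=Users,dc=example,dc=local"
end
end
'''
print(*dangling_refs(parse_fortios(SAMPLE)), sep="\n")
```

Each reported tuple gives the table, the entry, the key and the undefined name, so the mismatch can be corrected before checking the diagnose output.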
Copyright 2024 Fortinet, Inc. All Rights Reserved.