Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
alaurent
New Contributor II

Unable to add a LDAP Server (FOS 5.6 to Windows Server 2003)

I cannot configure an LDAP server on an FG-60E with FortiOS 5.6.

I am trying to set up FSSO between an FG-60E and a Windows Server 2003, but I cannot add the LDAP server.

After entering the IP of the Windows 2003 server, as well as the username and password of the domain administrator, when I click Browse to identify the Distinguished Name the system reports: "Invalid LDAP server".

If I enter the Distinguished Name manually and test the connection, it says "Invalid credentials".

All this despite the server IP being correct, as well as the user and password, which I am entering plainly: User = Administrator, Key = #####

Waiting for your comments.
8 Replies
Allan_Lago
New Contributor

Hi alaurent,

If you use Distinguished Name as your Common Name Identifier you have to change your user to DN format, which is something like this: CN=User Name, OU=Users, DC=contoso, DC=com

If you want to use the user account name you have to change the Common Name Identifier to sAMAccountName.

Hope it helps.

Allan Lago
Security Analyst
allan.lago@itsense.com.br
+55 21 96436-1884
+55 54 99100-0949
https://itsense.com.br
alaurent
New Contributor II

The Windows Server and the FG are in the same network, so there are no communication limitations.

My FG configuration is:

Name: Local_LDAP
Server IP/Name: 192.168.1.29
Server Port: 389
Common Name Identifier: cn
Distinguished Name: DC=comapny1,DC=company,DC=com
Bind Type: Regular
Username: Administrator
Password: ••••••••

From the Windows Server:

C:\Documents and Settings\>dsquery user "CN=Administrator,CN=Users,DC=company1,DC=company,DC=com"

Allan_Lago

Did you try changing the Common Name Identifier as I suggested? Change it from CN to sAMAccountName and you'll be just fine.

Allan Lago
Security Analyst
allan.lago@itsense.com.br
+55 21 96436-1884
+55 54 99100-0949
https://itsense.com.br
alaurent
New Contributor II

Yes, I tried, but I get the same error.

Conf 1:

Name: Local_LDAP
Server IP/Name: 192.168.1.29
Server Port: 389
Common Name Identifier: cn
Distinguished Name: DC=comapny1,DC=company,DC=com
Bind Type: Regular
Username: cn=Administrator,CN=Users,DC=comapny1,DC=company,DC=com
Password: ••••••••

Conf 2:

Name: Local_LDAP
Server IP/Name: 192.168.1.29
Server Port: 389
Common Name Identifier: sAMAccountName
Distinguished Name: DC=comapny1,DC=company,DC=com
Bind Type: Regular
Username: Administrator
Password: ••••••••

Allan_Lago

Hi!

Try to telnet to your LDAP server from the FortiGate using: execute telnet 192.168.1.29 389

If it doesn't work, it is probably the Windows firewall or some antivirus blocking the connection. If it does work, we can dig more into this problem.

Allan Lago
Security Analyst
allan.lago@itsense.com.br
+55 21 96436-1884
+55 54 99100-0949
https://itsense.com.br
Seppel

Hi

Please try the username with the domain in front:

username: domain\administrator

regards

Fortigate 500E HA, Fortimail 200, Fortimanager, FortiEMS, FortiSandbox 1000D, FortiSwitch Network, some other models in use :-)
FCSE
alaurent
New Contributor II

Hello

The domain\username solved the problem.

Final conf:

Name: Local_LDAP
Server IP/Name: 192.168.1.29
Server Port: 389
Common Name Identifier: sAMAccountName
Distinguished Name: DC=comapny1,DC=company,DC=com
Bind Type: Regular
Username: domain\username
Password: ••••••••

Thanks
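The thread touches three separate checks: whether TCP 389 is reachable at all (Allan's telnet test), which attribute the Common Name Identifier makes the firewall search on (cn versus sAMAccountName), and which form the Regular-bind username takes (bare name, DN, or domain\user, the last being what fixed it). The script below is an added example written for this thread; it is not Fortinet's code nor anything the posters ran. It uses only the Python standard library, so it checks the configuration offline and only probes the network in the optional final step. The configuration dictionary, the severity labels and the function names are assumptions made here; the values are those posted in the final conf.

```python
"""Offline checks for a FortiGate-style LDAP server definition pointed at Active
Directory. Example added to this thread; it is not Fortinet's or the posters' code."""
import re
import socket

# Constructed sample: the thread's final working configuration, values as posted.
FINAL_CONF = {
    "server": "192.168.1.29",
    "port": 389,
    "cnid": "sAMAccountName",              # Common Name Identifier
    "dn": "DC=comapny1,DC=company,DC=com",  # search base (Distinguished Name)
    "bind_type": "regular",
    "username": r"domain\username",
    "secure": False,                        # plain LDAP on 389, no LDAPS/STARTTLS (assumed)
}


def tcp_reachable(host, port, timeout=2.0):
    """Same question as 'execute telnet <host> 389' on the firewall: does the TCP
    port answer at all?  False points at firewall/antivirus/routing, not credentials."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def ldap_filter_escape(value):
    """RFC 4515 escaping so a login name cannot change the search filter's meaning."""
    return (value.replace("\\", r"\5c").replace("*", r"\2a")
                 .replace("(", r"\28").replace(")", r"\29").replace("\0", r"\00"))


def user_search_filter(cnid, login):
    """Filter sent under the search base to find the user object. With cnid 'cn' the
    login must equal the object's CN ('User Name'); with 'sAMAccountName' it is the
    Windows logon name ('administrator')."""
    return f"({cnid}={ldap_filter_escape(login)})"


_DN_RE = re.compile(r"[A-Za-z][\w-]*=[^,]+(?:,\s*[A-Za-z][\w-]*=[^,]+)*")


def classify_bind_identity(username):
    """Which form the Regular-bind username is in."""
    if _DN_RE.fullmatch(username):
        return "dn"              # CN=Administrator,CN=Users,DC=...
    if "\\" in username:
        return "down-level"      # DOMAIN\administrator (the form that fixed the thread)
    if "@" in username:
        return "upn"             # administrator@company.com
    return "bare"                # 'Administrator' alone, what failed in the thread


def check_regular_bind(conf):
    """Return (severity, message) findings for a server definition (labels assumed)."""
    findings = []
    if conf["bind_type"] == "regular":
        if classify_bind_identity(conf["username"]) == "bare":
            findings.append(("error",
                "Bind username is a bare account name; the bind in this thread only "
                "succeeded as DOMAIN\\user (a full DN is the other safe form)."))
        if not conf["secure"]:
            findings.append(("warning",
                "Simple bind over plain LDAP sends the bind password in cleartext; "
                "prefer LDAPS (636) or STARTTLS."))
    if conf["cnid"] not in ("cn", "sAMAccountName", "userPrincipalName"):
        findings.append(("warning", f"Unusual Common Name Identifier {conf['cnid']!r}."))
    if not _DN_RE.fullmatch(conf["dn"]):
        findings.append(("error", "Distinguished Name is not a syntactically valid DN."))
    return findings


if __name__ == "__main__":
    for severity, message in check_regular_bind(FINAL_CONF):
        print(f"[{severity}] {message}")
    print("search filter:", user_search_filter(FINAL_CONF["cnid"], "Administrator"))
    print("port open:", tcp_reachable(FINAL_CONF["server"], FINAL_CONF["port"]))
```

Run it as-is to see the final conf pass with only the cleartext-bind warning; swap the username for a bare "Administrator" to reproduce the error finding that corresponds to the "Invalid credentials" stage of the thread. The port probe is the only part that touches the network, and a False there is the same signal Allan's telnet test gives.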
Allan_Lago

Good to know!

Best regards

Allan Lago
Security Analyst
allan.lago@itsense.com.br
+55 21 96436-1884
+55 54 99100-0949
https://itsense.com.br