Authenticate to VPN SSL Portal via AD credentials?

Author
joebrug
New Member
  • Total Posts : 15
  • Scores: 2
  • Reward points: 0
  • Joined: 2015/01/08 17:06:04
  • Status: offline
2015/01/15 17:20:53 (permalink)
0

Authenticate to VPN SSL Portal via AD credentials?

Can you authenticate via an LDAP user to the SSL web portal? Using 5.2.2 FortiClient. I just today set up the web portal, so something could definitely be misconfigured there. However, I created an SSL VPN Group, added the Domain Users group to it as a test from AD. Also created a local user called "test" and added it to that group. I can log in as 'test' but not as any user of AD.
#1
neonbit
Gold Member
  • Total Posts : 321
  • Scores: 20
  • Reward points: 0
  • Joined: 2013/07/02 21:39:52
  • Location: Dark side of the moon
  • Status: offline
Re: Authenticate to VPN SSL Portal via AD credentials? 2015/01/15 22:51:49 (permalink)
5 (1)
Yes, you can use LDAP groups/users for your SSLVPN logins.
 
First thing I would do is confirm that LDAP is configured correctly.
 
1. Ensure that the common name identifier you have configured maps to the username format you use for the SSL login.
2. When you click on Fetch DN you should be able to browse your LDAP structure.
3. Test should show up as successful
 
 
post edited by neonbit - 2015/01/15 22:59:32


#2
neonbit
Re: Authenticate to VPN SSL Portal via AD credentials? 2015/01/15 22:58:03 (permalink) Helpful by westekim 2015/06/22 03:03:23
0
When you create your user group, ensure that you have the LDAP server configured under 'Remote groups' and that the correct AD group is selected.
 
You can always test your LDAP configuration and user credentials via the CLI using the diagnose test authserver ldap command.
 
fortigate # diagnose test authserver ldap ad-ldap myusername m4hp@ssw0rd
authenticate 'myusername' against 'ad-ldap' succeeded!
Group membership(s) - CN=sslusers,OU=Groups,DC=domain,DC=com
                      CN=Domain Users,CN=Users,DC=domain,DC=com

#3
joebrug
Re: Authenticate to VPN SSL Portal via AD credentials? 2015/01/16 11:31:28 (permalink)
0
Ah-ha..
Using your CLI test, I realized that using my username would fail authentication, but if I use my Full Name, i.e. "John Doe", LDAP allowed me to log in. Is that because I'm using CN as the Common Name Identifier?
 
#4
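The behaviour described in post #4, shown as an added configuration example that is not part of any poster's reply: with the Common Name Identifier left at "cn", the FortiGate looks the login name up in the cn attribute, which Active Directory normally fills with the full name ("John Doe"), so only the full name matches; setting it to "sAMAccountName" makes the short logon name match instead. The server address, bind account and password below are placeholders; the server name "ad-ldap" and the base DN follow the CLI test in post #3.

```text
# Added example. Placeholder values: server address, bind account, password.
config user ldap
    edit "ad-ldap"
        set server "192.0.2.10"
        # Look the login name up in the AD logon-name attribute rather than
        # the default "cn", which AD normally sets to the user's full name.
        set cnid "sAMAccountName"
        set dn "DC=domain,DC=com"
        # Regular bind: search for the user with a service account first,
        # then bind as the entry that was found.
        set type regular
        set username "CN=svc-fortigate,CN=Users,DC=domain,DC=com"
        set password <bind-account-password>
    next
end

# Re-run the check from post #3 with the short logon name; it should now
# succeed and list the group memberships used by the SSL VPN user group.
diagnose test authserver ldap ad-ldap myusername <password>
```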
barthur
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/08/25 10:18:16
  • Status: offline
Re: Authenticate to VPN SSL Portal via AD credentials? 2017/03/03 12:32:09 (permalink)
0
How can you have a level of redundancy in the Windows Active Directory Authentication?
 
Under "Remote Groups" can I add a second AD Server and that second server would respond if the first server didn't?
#5
MikePruett
Platinum Member
  • Total Posts : 506
  • Scores: 6
  • Reward points: 0
  • Joined: 2014/01/08 19:39:40
  • Location: Montgomery, Al
  • Status: online
Re: Authenticate to VPN SSL Portal via AD credentials? 2017/03/03 14:31:52 (permalink)
0
Depends on how your environment is laid out.

Mike Pruett
Fortinet GURU
#6