I have mine set up for AD authentication. I am having an issue where my Domain Users are getting Permission Denied. However, my AD account, Administrator, and all my test AD accounts can authenticate without issue. It doesn't matter what OU they are in.
In any case, here is my setup.
AD > Security Group > "SSL VPN Logins"
AD > New User > fortinet (used for LDAP Bind below).
Fortigate 100d > Authentication > LDAP Servers > Successfully configured my connection using my 'fortinet' user to authenticate. Test connection is successful.
Fortinet 100d > User > User Groups > New, "SSL VPN Sec Group".
- Under Remote Groups > Create New > Remote Server, my LDAP Server > LDAP Groups, Located my "SSL VPN Logins" AD Group > Selected group and added > OK
Fortinet 100d > VPN > SSL > Settings > Authentication/Portal Mapping > Create New > Added the "SSL VPN Sec Group" for full access
Fortinet 100d > Policy and Objects > Policy > IPv4 > ssl.root - LAN > Added Source: *, Group: Added "SSL VPN Sec Group", Destination: Local LAN, Schedule: Always, Service: All, Accept.
My issue again is that Domain Administrator, my AD test accounts, and my AD account all authenticate without issue. When I add another Domain User (who may already be logged into a Domain Computer somewhere), they get "Permission Denied". I am trying to narrow down when Domain Users receive rights from a Security Group (immediately, or when they relogin). If the latter, does being logged on to an existing computer somewhere stop Security Group permissions from being applied?
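For reference, here is the FortiOS CLI equivalent of the LDAP server and user group setup walked through above, plus the built-in command for checking what the FortiGate actually gets back for a given user. This is an added example, not configuration from the original post; the server name "AD-LDAP", the IP address, and all DNs are placeholders.

```fortios
# Added example: CLI form of the GUI steps above. All names and DNs are placeholders.
config user ldap
    edit "AD-LDAP"
        set server "10.0.0.10"                   # placeholder domain controller
        set cnid "sAMAccountName"                # attribute matched against the login name
        set dn "DC=example,DC=local"             # placeholder search base
        set type regular                         # regular bind with the 'fortinet' account
        set username "CN=fortinet,CN=Users,DC=example,DC=local"
        set password "<bind-password>"
    next
end

config user group
    edit "SSL VPN Sec Group"
        set member "AD-LDAP"
        config match
            edit 1
                set server-name "AD-LDAP"
                # must be the exact DN of the AD group; a user's memberOf value must equal it
                set group-name "CN=SSL VPN Logins,OU=Groups,DC=example,DC=local"
            next
        end
    next
end

# Check what the FortiGate sees for one user (run from the CLI, not in the config):
# diagnose test authserver ldap "AD-LDAP" <username> <password>
# The output lists the group DNs returned for that user; compare them with group-name above.
```

The group match is evaluated against the memberOf values the LDAP server returns at each VPN login, so a user's existing Windows session on another machine is not involved. The diagnose command prints exactly the group DNs the FortiGate sees, which is the quickest way to spot a DN mismatch or a user who is not yet in the group.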