Re: Fortigate 5.2.7 FSSO polling mode authentication problem
For the sake of your own sanity, please don't use Fortigate's polling mode unless it's really necessary. There are numerous limitations compared to the standalone FSSO CA design. Just off the top of my head:
- NTLM is not supported
- only a few events are monitored
- workstation check is not implemented
- has performance limitations
There are many success stories with standalone FSSO CA, and so few with Fortigate FSSO polling, if you know what I mean. If I had to position Fortigate's polling mode for some usage, I would mention extra-small designs and demonstration purposes.
If you still need to troubleshoot FSSO polling mode (or you are just brave and adventurous), please be sure that you have security event auditing enabled on all DC servers, and that the configured LDAP is really reachable.
If there is still no success, you can also get an idea of what's wrong from your own troubleshooting, for example with these debug commands:
# various debug outputs related to fssod daemon
diagnose debug fsso-polling ?
# enable continuous debug
diagnose debug console timestamp enable
diagnose debug application fssod -1
diagnose debug enable
# disable continuous debug
diagnose debug reset
diagnose debug disable