Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kelvyn
New Contributor

FSSO no Internet

Hello everyone,

I'm having a problem with user authentication and rule filtering in Fortinet. Here is my problem: After configuring the LDAP server and SSO in Fortinet, I define a group of users based on an AD group. I create a rules to filter these users, but the rules do not apply. The computers in the other VLANs are authenticated with the Fortinet IP address and not the station IP address in the SSO agent.

I saw on another post where I had to put the AD Poll and not the Fortinet SSO agent. But when I turn on AD polling my users have a Fortinet web page asking them to authenticate. Can you help me solve this problem?

 

Regards

 

4 REPLIES 4
baggins
New Contributor III

Hi Kelvyn,

 

Can you please reupload your configuration..

kelvyn
New Contributor

Hi,

Here is configuration screenshot : https://imgur.com/a/2R0Wtp3

 

Regards

baggins
New Contributor III

Hi,

 

Thnx for the screenshoots...

 

 Related to the FSSO troubleshooting you can check with this for some problems:

diag debug authd fsso server-status 
diag debug auth fsso list
diag debug enable

 

On the other hand I had a problem with this part of the configuration:

config authentication rule
    edit "ntlm"
        set status enable
        set protocol http
        set ip-based enable
        set active-auth-method 'ntlm'
        set sso-auth-method 'fsso'
        set comments 'optional'
    next
end
config authentication scheme
    edit "ntlm"
        set method ntlm basic
        set user-database "yourAD1" "yourAD2"
    next
    edit "fsso"
        set method fsso
    next
end

config authentication setting
    set active-auth-scheme "ntlm"
    set sso-auth-scheme "fsso"
end

 

so check those two if you have it configured and what the logs are telling you.

Let me know the result so we can troubleshoot further.

 

And when you are finished with CLI don't forget to clean.. :)

diagnose debug disable
diagnose debug flow trace stop
diagnose debug flow filter clear
diagnose debug reset

 

kelvyn
New Contributor

Hi,

Thanks for you reply.

When i paste command in CLI, i have an error with this command :

set active-auth-method 'ntlm' entry not found in datasource value parse error before 'ntlm' Command fail. Return code -3

 

Regards

 

 

Labels
Top Kudoed Authors