FSSO no Internet

Author
kelvyn
2019/01/23 16:10:46 (permalink) 6.0
0

FSSO no Internet

Hello everyone,

I'm having a problem with user authentication and rule filtering in Fortinet.
Here is my problem:
After configuring the LDAP server and SSO in Fortinet, I define a group of users based on an AD group. I create rules to filter these users, but the rules do not apply.
The computers in the other VLANs are authenticated with the Fortinet IP address and not the station IP address in the SSO agent.
I saw in another post that I had to use the AD Poll and not the Fortinet SSO agent. But when I turn on AD polling, my users have a Fortinet web page asking them to authenticate.
Can you help me solve this problem?
 
Regards
 
post edited by kelvyn - 2019/01/24 10:38:18
#1


    baggins
    Re: FSSO no Internet 2019/01/24 00:42:25 (permalink)
    0
    Hi Kelvyn,
     
    Can you please re-upload your configuration?
    #2
    kelvyn
    Re: FSSO no Internet 2019/01/24 10:58:09 (permalink)
    0
    Hi,
    Here is the configuration screenshot: https://imgur.com/a/2R0Wtp3
     
    Regards
    #3
    baggins
    Re: FSSO no Internet 2019/01/25 00:04:32 (permalink)
    0
    Hi,
     
    Thanks for the screenshots...
     
    For FSSO troubleshooting, you can check for some problems with these:
    diag debug enable
    diag debug authd fsso server-status
    diag debug authd fsso list

     
    On the other hand I had a problem with this part of the configuration:
    config authentication rule
        edit "ntlm"
            set status enable
            set protocol http
            set ip-based enable
            set active-auth-method 'ntlm'
            set sso-auth-method 'fsso'
            set comments 'optional'
        next
    end
    config authentication scheme
        edit "ntlm"
            set method ntlm basic
            set user-database "yourAD1" "yourAD2"
        next
        edit "fsso"
            set method fsso
        next
    end

    config authentication setting
        set active-auth-scheme "ntlm"
        set sso-auth-scheme "fsso"
    end

     
    So check whether you have those two configured and what the logs are telling you.
    Let me know the result so we can troubleshoot further.
     
    And when you are finished with the CLI, don't forget to clean up. :)
    diagnose debug disable
    diagnose debug flow trace stop
    diagnose debug flow filter clear
    diagnose debug reset

     
    #4
    kelvyn
    Re: FSSO no Internet 2019/01/25 17:58:48 (permalink)
    0
    Hi,
    Thanks for your reply.
    When I paste the command in the CLI, I have an error with this command:
    set active-auth-method 'ntlm'
    entry not found in datasource

    value parse error before 'ntlm'
    Command fail. Return code -3
     
    Regards
     
     
    #5
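
"entry not found in datasource" is what FortiOS prints when a set value names an object that does not exist yet, and in the block from post #4 the rule that references schemes "ntlm" and "fsso" comes before the config authentication scheme block that creates them. The following is an added example, not part of any post in this thread and not Fortinet code: a Python check that reads a paste top to bottom and reports scheme references made before the scheme is defined. The function name, the abridged sample and the premise that the block was pasted in the posted order are assumptions of this example.

```python
import re

# Fields naming an entry in "config authentication scheme" (only those in the thread).
SCHEME_REFS = {
    "authentication rule": ("active-auth-method", "sso-auth-method"),
    "authentication setting": ("active-auth-scheme", "sso-auth-scheme"),
}

def undefined_scheme_refs(paste):
    """Return (line, field, scheme) for references made before the scheme exists."""
    defined, problems, table = set(), [], None
    for no, raw in enumerate(paste.splitlines(), 1):
        line = raw.strip()
        if line.startswith("config "):
            table = line[7:].strip()
        elif line == "end":
            table = None
        elif table == "authentication scheme" and line.startswith("edit "):
            # Simplification: counted as created at "edit"; the CLI commits at "next".
            defined.add(line[5:].strip("\"' "))
        elif table in SCHEME_REFS:
            m = re.match(r"set\s+(\S+)\s+(.+)$", line)
            if m and m.group(1) in SCHEME_REFS[table]:
                name = m.group(2).strip("\"' ")
                if name not in defined:
                    problems.append((no, m.group(1), name))
    return problems

# Constructed sample: the three blocks from post #4, abridged and held separately.
RULE = """config authentication rule
    edit "ntlm"
        set active-auth-method 'ntlm'
        set sso-auth-method 'fsso'
    next
end
"""
SCHEME = """config authentication scheme
    edit "ntlm"
        set method ntlm basic
        set user-database "yourAD1" "yourAD2"
    next
    edit "fsso"
        set method fsso
    next
end
"""
SETTING = 'config authentication setting\n    set active-auth-scheme "ntlm"\n    set sso-auth-scheme "fsso"\nend\n'
POSTED = RULE + SCHEME + SETTING  # order as posted: rule before schemes
FIXED = SCHEME + RULE + SETTING   # schemes first, then what refers to them
print(undefined_scheme_refs(POSTED), undefined_scheme_refs(FIXED))
```

"yourAD1" and "yourAD2" are the placeholders from post #4; if they are not replaced with existing user databases, the scheme entry itself may be rejected and the same reference error would follow even in the corrected order.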