LDAP User and VPN Portal issue

Author: Darvid
2019/04/18 05:54:02

Hi all,
I am trying to give VPN Portal access to a new user.
User Definition/Remote LDAP User
First issue: when I choose an LDAP server (I have 7 defined), I get the OU tree, but no accounts are displayed, and a popup prints "Timed out".
Only one of my seven defined LDAP servers displays accounts correctly, so I can select the user and put it in the authorized groups.
Second issue: I can't use either the VPN portal or VPN-SSL.
In the VPN event log, I have the message "SSL user failed to logged in"; in the details, I can see under Action: "sslvpn_login_unknown_user", and under Source the group is not displayed. It seems the user isn't found in LDAP.
I've tested connectivity on each LDAP server and it's successful.
 
Is there a known bug with the 5.6.4 release or an LDAP query limitation? There are thousands of accounts in AD, but so far I have never had any problems with that.
 
David

    Darvid
    2019/04/18 06:13:44
    I also tested
    diagnose test authserver ldap <server> <account> <password>
    It succeeds, with group membership OK.
    IShall
    2019/04/22 15:51:36
    Hello,
    We recently purchased some FortiGates (based on pre-sales advice), having a requirement that user authentication on an SSL portal could be configured to use LDAP AND RADIUS (not OR), i.e. on logon to the portal, the user needs to enter both LDAP and RADIUS credentials.
    I have got both LDAP and RADIUS to work individually, however I cannot see how to force both.
    Fortinet support has told me I now need to purchase a FortiAuthenticator if I want to do this.
    Has anyone managed to do this, or do I really need the additional kit?
     
    Kind regards,
    IShall
    2019/04/22 16:23:37
    Apologies, this should have been a new thread :(
    Alivo_ FTNT (Fortinet TAC Prague)
    2019/04/23 01:11:53
    Hello David, the timeout issue should be possible to overcome by adjusting the number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers:
     
    config system global 
    set remoteauthtimeout X (X for number of seconds, default being 5)
    end

    This could also resolve your next issue. It is useful for large LDAP environments.

    P.S. Do the 7 LDAP servers point to the same LDAP database?
    Alivo
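As an added diagnostic (not from the thread, Fortinet, or any of the posters), the following script times the same kind of user-and-group lookup against each configured LDAP server with OpenLDAP's ldapsearch, applying the remoteauthtimeout value as the client-side limit, so a server whose lookup runs past the FortiGate's wait stands out from one that answers in time. The host list, bind DN, password file, search base and the sAMAccountName identifier are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: compare per-server LDAP user lookup time
# against the FortiGate remoteauthtimeout value (default 5 s, per the reply above).
# Assumes OpenLDAP ldapsearch and GNU date (+%s%N); all hosts and DNs are placeholders.
set -u

REMOTEAUTHTIMEOUT="${REMOTEAUTHTIMEOUT:-5}"      # seconds, as in 'set remoteauthtimeout'
LDAP_HOSTS="${LDAP_HOSTS:-}"                      # e.g. "dc1.example.internal dc2.example.internal"
BIND_DN="${BIND_DN:-CN=svc-fortigate,OU=Service,DC=example,DC=internal}"  # placeholder
BIND_PW_FILE="${BIND_PW_FILE:-/etc/fgt-ldap.pw}"  # password read from a file, not the command line
BASE_DN="${BASE_DN:-DC=example,DC=internal}"      # placeholder search base

# verdict ELAPSED_MS TIMEOUT_S: prints "exceeds" when the lookup took at least the
# timeout (the FortiGate would have given up), otherwise "ok".
verdict() {
  if [ "$1" -ge $(( $2 * 1000 )) ]; then echo exceeds; else echo ok; fi
}

# lookup_ms HOST USER: run the user lookup (DN plus group membership) and print the
# elapsed milliseconds. nettimeout and the time limit mirror the FortiGate wait so a
# slow server is cut off the same way instead of hanging the script.
lookup_ms() {
  start=$(date +%s%N)
  ldapsearch -x -LLL -H "ldap://$1" -D "$BIND_DN" -y "$BIND_PW_FILE" -b "$BASE_DN" \
    -o nettimeout="$REMOTEAUTHTIMEOUT" -l "$REMOTEAUTHTIMEOUT" \
    "(sAMAccountName=$2)" dn memberOf >/dev/null 2>&1 || true  # only the timing matters here
  end=$(date +%s%N)
  echo $(( (end - start) / 1000000 ))
}

# check_all_servers USER: one line per server with its lookup time and verdict
check_all_servers() {
  for host in $LDAP_HOSTS; do
    ms=$(lookup_ms "$host" "$1")
    printf '%-40s %6d ms  %s\n' "$host" "$ms" "$(verdict "$ms" "$REMOTEAUTHTIMEOUT")"
  done
}

# Runs only when a host list is supplied, e.g.
#   LDAP_HOSTS="dc1.example.internal dc2.example.internal" ./ldap-timing.sh jdoe
if [ -n "$LDAP_HOSTS" ]; then
  check_all_servers "${1:-jdoe}"
fi
```

A server reported as "exceeds" at the default of 5 s is a candidate for the timeout the reply describes; raising remoteauthtimeout hides the symptom, while the timing tells you which of the seven servers is actually slow.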