Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dirkdigs
New Contributor

management using domain credentials

Hi, I know there is LDAP authentication for FortiClient VPN and single sign-on, but is it possible to manage the firewall itself using a domain account? Or does it have to be a local account?

 

thanks, 

1 REPLY 1
emnoc
Esteemed Contributor III

Yes, you can use LDAP to authenticate admins. Define your LDAP server and an admin account for remote wildcards login and have at it. It's quite useful and works.

 

e.g. (JumpCloud, but this would be your MS-AD)

 

config user ldap
    edit "jumpcloud"
        set server "52.23.54.171"
        set server-identity-check disable
        set cnid "uid"
        set dn "ou=Users,o=ffffffff,dc=jumpcloud,dc=com"
        set type regular
        set username "uid=ldap,ou=Users,o=ffffffff,dc=jumpcloud,dc=com"
        set password ENC MTAwNKmn03+4Pgekv6+UTNfl9ISOH4bEPq4DzweqTkzcIwnzy6ZZMoYUtvQQHdLrwrwFTyua+eEJRr3EmC3cdnxD89X3tC5WXWNGj8okGZMWHL9kiK8D0PQo49UC96aNU+EbHRJSXrA2u5QAAlfumOGDSNvoYTmeA0gp2te3jkqdwo3VBUugRAgb/9p0Tl7IIa4HNw==
        set secure ldaps
        set port 636
    next
end

 

 

config sys admin
    edit "wildcards"
        set remote-auth enable
        set accprofile "super_admin"
        set vdom "root"
        set remote-group "ldap-jc"
end

LDAP server is a member of group ldap-jc

Ken Felix

PCNSE 

NSE 

StrongSwan  
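The answer above refers to a group "ldap-jc" without showing it. The following is an added example, not part of the original reply, of how that group can be defined so that only members of one directory group are accepted as firewall admins, with LDAPS certificate checking turned on. The server name "ldap.example.com", the CA certificate name "LDAP_CA" and the group DN "cn=fw-admins,..." are placeholders assumed for illustration.

```fortios
# Added example. Placeholder values: ldap.example.com, LDAP_CA, cn=fw-admins
config user ldap
    edit "jumpcloud"
        # Use a name that matches the server certificate and verify it
        set server "ldap.example.com"
        set server-identity-check enable
        set ca-cert "LDAP_CA"
    next
end

config user group
    edit "ldap-jc"
        set member "jumpcloud"
        # Without a match entry, any user who can bind on this
        # LDAP server is treated as a member of the group
        config match
            edit 1
                set server-name "jumpcloud"
                set group-name "cn=fw-admins,ou=Users,o=ffffffff,dc=jumpcloud,dc=com"
            next
        end
    next
end

config system admin
    edit "wildcards"
        set remote-auth enable
        # Accept any username that authenticates through the remote group
        set wildcard enable
        set remote-group "ldap-jc"
        set accprofile "super_admin"
        set vdom "root"
    next
end
```

Because every account matched by the wildcard entry receives the profile set in accprofile, the membership of the directory group is what controls who holds super_admin on the firewall.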
