MAB and LDAP

Author
sebabert
2020/08/05 10:53:09

Hi all,
I'm trying to understand if it is possible to authenticate non-802.1X compliant devices (e.g. printers) via LDAP.
I've deployed FAC VM and MAB is possible only with local users and groups. Is it correct?
 
Thanks for your help.
Sebastiano Bertoli
#1


    xsilver
    Re: MAB and LDAP 2020/09/11 00:53:31
    Hi,
    hope you found out.
    But just in case .. 
     
    1. set your devices with their MAC addresses to Authentication > User Management > MAC Devices
    2. set those individual MAC Devices into group Authentication > User Management > User Groups > Create New > set Type = MAC and select your devices from step (1)
    3. let's say we are on 6.1 version where the Authentication > RADIUS Service is split between Clients and Policies, so set up new policy for your network with Authentication Type set to 'MAC authentication bypass (MAB)'.
    Then in Identity Source > Authorized Groups you should be able to choose group created in step (2)
    4. finish policy creation, and I would move it above other policies to sort of exempt those MAC address defined devices from further authentication attempts.
     
    More can be found in Admin guides when you click the (?) icon in top right corner of FAC GUI.
    For example: https://docs.fortinet.com...-guide/416152/policies

    Kind Regards,
    Tomas
    #2