Before proceed to the next step log on to Active Directory Users and Computers snap in and create a user for FortiGate authentication.
My FortiGate Authentication user details as follow.
Name: Fortinet Agent
User Logon Name: fortinet
To configure LDAP Server authentication on your FortiGate device (Firmware Version 5) go to User & Device -> Authentication -> LDAP Servers. Then click Create New.
Enter LDAP server settings as below.
Name: LDAP_1
Server Name/IP: Domain Controller IP Address
Server Port: 389
Common Name Identifier: sAMAccountName
Distinguished Name: DC=domain,DC=local
Bind Type: Regular
*User DN: CN=Fortinet Agent,OU=Staff,DC=domain,DC=local
Password: <Fortinet Agent Password>
To get the User DN, log on to your domain controller server and execute below command(s) in cmd.
dsquery user – Will output all user DN
dsquery group – Will output all group DN
Click on Test to test the configuration.
Go to User & Device -> User Groups and click Create New to create new User Group for LDAP.
Give it a name and click Add to add remote LDAP server in Remote Groups section. If you want to select specific group from Active Directory, deselect Any option and browse the required group.
Now you can select created LDAP user group for any authentication rule.
Leave a Reply