Fortinet Client


Giovanni Jones

Oct 21, 2025, 10:56:51 AM
to Event-Driven Servers

I am currently in the process of configuring a TACACS+ server to integrate with our Active Directory via LDAP. The goal is to allow Fortinet devices to authenticate users against the LDAP backend.

While the TACACS+ server is running and all connections appear to be established correctly, I am encountering an issue: the Fortinet device is not authenticating any users, including both AD users and local TACACS+ users.

I have verified connectivity between the Fortinet and the TACACS+ server, as well as between TACACS+ and the LDAP/AD server, but authentication attempts continue to fail. I would greatly appreciate your guidance or recommendations on troubleshooting this issue.

Thank you for your time and support. I look forward to your advice.

Marc Huber

Oct 25, 2025, 3:00:58 AM
to event-driv...@googlegroups.com

Hi,

I'd start debugging this with

diag test authserver tacacs+ <server> <username> <password>

on the forti cli, with tac_plus-ng running in debug mode, and checking for valid authentications and the authorizations. Fortigate uses "fortigate" as service and requests memberof/admin_prof/vdom, and some of those will likely be used for role mapping.

My Fortinet knowledge is pretty limited, but that's what I remember from interoperability testing some time ago.

Cheers,

Marc
