
This how-to explains how to configure LDAP authentication against Microsoft Active Directory for IPsec VPN users on a Fortinet device.

I’ve tested it with a Fortigate 60B and a Fortigate 100A with success.
This post assumes you already have a fully functional IPsec VPN configuration on your Fortinet device, with authentication based on a Fortigate user group.

Connect to your device with SSH (or however you prefer, even through the web browser) and log in as “admin”.

From the console enter the following:

config user ldap
    edit "GroupName"
        set server "my.adserver.ip.address"
        set cnid "sAMAccountName"
        set dn "ou=xxx,dc=yyyy,dc=zzzz"
        set type regular
        set username "domain\\Administrator"
        set password ENC *******************************************
    next
end

Where:
- “GroupName” is the label of the Auth Group
- cnid is the common name identifier; with sAMAccountName the Fortigate matches the AD login name
- dn is the LDAP base DN (tree path) of the Organizational Unit that contains your users
- type regular is the authentication type: the Fortigate binds to the LDAP server with the account below
- username is an account that can read your AD LDAP tree (you should use an account other than Administrator; a dedicated read-only account is better)
- password is the password of that account
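As an added example (not part of the original post), the small Python helper below checks these parameters before they go on the device: it validates the base DN, refuses the Administrator bind account, escapes the login name the way it must be escaped inside the LDAP search filter the Fortigate builds from cnid, and emits the same "config user ldap" block. All names and sample values are constructed.

```python
import re

# RFC 4515: characters that must be escaped inside an LDAP filter value,
# otherwise a login name containing them breaks or alters the search.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied value before it is placed in an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def search_filter(cnid, login):
    """Filter the Fortigate uses under the base DN to find the user, e.g. (sAMAccountName=jdoe)."""
    return "(%s=%s)" % (cnid, escape_filter_value(login))


_RDN = re.compile(r"^(ou|dc|cn|o)=[^,=]+$", re.IGNORECASE)


def validate_dn(dn):
    """Return a list of problems with a base DN such as ou=xxx,dc=yyyy,dc=zzzz (empty if fine)."""
    problems = []
    parts = [p.strip() for p in dn.split(",")]
    if not all(_RDN.match(p) for p in parts):
        problems.append("dn %r is not a comma-separated list of ou=/dc=/cn= components" % dn)
    if not any(p.lower().startswith("dc=") for p in parts):
        problems.append("dn has no dc= component; an AD base DN ends in the domain's dc= parts")
    return problems


def build_ldap_config(name, server, base_dn, bind_user, password, cnid="sAMAccountName"):
    """Validate the parameters and render the FortiOS 'config user ldap' block (hypothetical helper)."""
    problems = validate_dn(base_dn)
    if bind_user.split("\\")[-1].lower() == "administrator":
        problems.append("bind account is Administrator; use a dedicated read-only account")
    if not password:
        problems.append("bind password is empty")
    if problems:
        raise ValueError("; ".join(problems))
    cli_user = bind_user.replace("\\", "\\\\")  # the CLI wants DOMAIN\\user with a doubled backslash
    return "\n".join([
        "config user ldap",
        '    edit "%s"' % name,
        '        set server "%s"' % server,
        '        set cnid "%s"' % cnid,
        '        set dn "%s"' % base_dn,
        "        set type regular",
        '        set username "%s"' % cli_user,
        '        set password "%s"' % password,  # the device later shows it in ENC form
        "    next",
        "end",
    ])
```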

Then edit your local group with the following command:

config user group

Locate your VPN group and add the LDAP group created above as a member.

Test it with the Fortinet VPN client, FortiClient (http://www.fortinet.com/products/forticlient/).

Hope this helps

Bye
Riccardo
