AD Authentication for Fortigate SSLVPN

By | February 16, 2009

I am currently using a FortiGate firewall with an SSL VPN, and I need to get AD authentication working for users.

It was like pulling teeth to try to get this done.

I hope this helps others!

1. Create a service account in AD for the FortiGate to bind with. Ordinary "Domain Users" membership is enough; it only needs to read the directory, so do not give it admin rights.
2. In the FortiGate web interface, go to User > Remote.
3. Under LDAP, click "Create New".
4. Give the LDAP server config a meaningful name.
5. Type in the IP of a domain controller. The server port should be 389 for plain LDAP. Be aware that with a regular bind over port 389 the service account password, and every VPN user's password, crosses the network in cleartext; if your firmware supports it, use LDAPS (port 636) or STARTTLS instead and validate the domain controller's certificate.
6. The common name identifier should be "cn". In AD, cn is the user object's common name (usually the display name, e.g. "John Smith"), so that is what users would have to type as their VPN username. If you want them to log in with their Windows logon name, use "sAMAccountName" here instead.
7. The Distinguished Name should be the location in AD of the users who will authenticate. The user search starts there, so it must be at or above every OU that holds VPN users.
(e.g., OU=corp users,DC=mydomain,DC=com)
8. The binding type should be "regular": the FortiGate binds as the service account to find the user, then binds again as that user to check the password.
9. The filter should look like this: (&(objectcategory=group)(member=*))
This is the filter the FortiGate applies when it queries AD groups; it matches group objects that have at least one member.
10. Next, fill in the User DN with the full distinguished name of the service account you just created.
(e.g., cn=fortigateservice,OU=service accounts,DC=mydomain,DC=com)
11. Put in the password! ***Make sure to set the password to "Never Expires"!*** Otherwise, the day AD's password policy expires it, every VPN login fails at once. A never-expiring password must be long and random (see the tip below), and the account should be locked down so it is nothing but a bind account: deny it interactive and remote logon rights, and rotate the password on your own schedule.
12. Click OK. Done!
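For reference, here is the same configuration as a FortiOS CLI script, with the plain-LDAP settings from the steps above tightened to LDAPS. This is an added example, not part of the original post or Fortinet documentation: the server name, IP address, CA certificate name and DNs are assumptions, and the CLI keywords are those of FortiOS 4.x/5.x, which may differ from the firmware this post was written against.

```fortios
# Added example: FortiOS CLI equivalent of steps 2-12, using LDAPS instead of port 389.
# Object names, the IP address, the CA certificate name and the DNs are assumptions.
config user ldap
    edit "AD-LDAP"
        # Step 5: a domain controller (assumed IP). The post uses plain LDAP on 389;
        # LDAPS encrypts both the service-account bind and each user's password check.
        set server "192.0.2.10"
        set secure ldaps
        set port 636
        # CA that issued the domain controller's certificate, imported beforehand (assumed name).
        set ca-cert "Corp-Root-CA"
        # Step 6: the post uses "cn"; sAMAccountName lets users log in with their Windows logon name.
        set cnid "sAMAccountName"
        # Step 7: base DN of the user search.
        set dn "OU=corp users,DC=mydomain,DC=com"
        # Steps 8, 10, 11: regular bind as the dedicated service account.
        set type regular
        set username "cn=fortigateservice,OU=service accounts,DC=mydomain,DC=com"
        set password "<long-random-service-account-password>"
    next
end
# Put the LDAP server into a user group; the SSL VPN portal mapping and firewall
# policy reference this group rather than the LDAP server directly.
config user group
    edit "sslvpn-ad-users"
        set member "AD-LDAP"
    next
end
```

The group filter from step 9 is left at its default here because the CLI keyword for it changed between firmware versions. After applying the script, test the bind from the CLI with `diagnose test authserver ldap AD-LDAP <username> <password>` before pointing the VPN at it.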

Tip: Make the service account password long and random, with numbers and symbols, and store it in your password vault rather than in anyone's head!

This information is provided "AS IS" with no warranties expressed or implied.
