Develop's Tistory

Network

How-To authenticate users for a Fortinet IPSEC VPN to an Active Directory Server with LDAP

A humble old developer's notepad 2010. 4. 26. 17:46

This how-to explains how to authenticate IPSEC VPN users on a Fortinet device against Microsoft Active Directory over LDAP.

I’ve tested it with a Fortigate 60B and a Fortigate 100A with success.
This post assumes you already have a fully functional IPSEC VPN configuration on your Fortinet device, with authentication based on a Fortigate user group.

Connect to your device with SSH (or as you prefer, even with the web browser), and login as "admin".

From the console, enter the following:

config user ldap
    edit "GroupName"
        set server "my.adserver.ip.address"
        set cnid "sAMAccountName"
        set dn "ou=xxx,dc=yyyy,dc=zzzz"
        set type regular
        set username "domain\\Administrator"
        set password ENC *******************************************
    next
end

Where:
- "GroupName" is the label of the LDAP server entry that you will later add to the auth group
- cnid is the common name identifier; with sAMAccountName, the AD login name is what gets checked
- dn is the LDAP path of the Organizational Unit under which your users are located (the search base)
- type regular is the authentication type: the Fortigate binds with the account below to look the user up, then binds as the user to verify the password
- username is an account that can read your AD LDAP tree (you should use a dedicated read-only account rather than Administrator)
- password is the password of the account above
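To make the "type regular" flow concrete, here is an added example (not from the original post or from Fortinet) that models what the Fortigate does with the entry above: bind with the service account, search the OU given by dn for an object whose cnid attribute equals the login name, then bind as that object with the user's password. The directory, account names, server address and passwords are constructed stand-ins held in memory; no LDAP server is contacted. It also shows why the login name must be RFC 4515-escaped before it is placed in the search filter, and why an account outside the configured OU is rejected even with a correct password.

```python
import hmac

# Constructed, in-memory stand-in for an Active Directory subtree: DN -> attributes.
DIRECTORY = {
    "cn=svc-ldap-reader,ou=service,dc=example,dc=local": {
        "sAMAccountName": "svc-ldap-reader",
        "password": "Reader-Secret-1",
    },
    "cn=Alice Smith,ou=vpnusers,dc=example,dc=local": {
        "sAMAccountName": "asmith",
        "password": "Alice-Secret-1",
    },
    # Valid account, but outside the OU that the VPN entry points at.
    "cn=Bob Jones,ou=staff,dc=example,dc=local": {
        "sAMAccountName": "bjones",
        "password": "Bob-Secret-1",
    },
}

# Mirrors the 'config user ldap' entry from the post (constructed values).
LDAP_CONFIG = {
    "server": "192.0.2.10",
    "cnid": "sAMAccountName",
    "dn": "ou=vpnusers,dc=example,dc=local",
    "type": "regular",
    "username": "EXAMPLE\\svc-ldap-reader",   # a read-only account, not Administrator
    "password": "Reader-Secret-1",
}


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping so a login name cannot change the shape of the filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def _in_subtree(dn: str, base_dn: str) -> bool:
    d, b = dn.lower(), base_dn.lower()
    return d == b or d.endswith("," + b)


def _resolve_bind_identity(identity: str):
    """AD accepts 'DOMAIN\\user' for a simple bind (as the post uses);
    here that form is resolved to the account's DN. A DN is accepted as-is."""
    if "=" in identity:
        return identity if identity in DIRECTORY else None
    sam = identity.split("\\", 1)[-1].lower()
    for dn, attrs in DIRECTORY.items():
        if attrs["sAMAccountName"].lower() == sam:
            return dn
    return None


def simple_bind(identity: str, password: str) -> bool:
    """Simple bind. An empty password would be an anonymous bind on AD, so reject it."""
    dn = _resolve_bind_identity(identity)
    if dn is None or not password:
        return False
    return hmac.compare_digest(DIRECTORY[dn]["password"], password)


def search_user(base_dn: str, cnid: str, login: str):
    """Subtree search under base_dn for (cnid=login).
    Returns the filter a client would send and the matching DNs. The match
    below has the semantics of that escaped filter: the whole login is one
    literal value, so 'asmith)(cn=*' cannot widen the search."""
    ldap_filter = "(%s=%s)" % (cnid, escape_filter_value(login))
    matches = [dn for dn, attrs in DIRECTORY.items()
               if _in_subtree(dn, base_dn)
               and attrs.get(cnid, "").lower() == login.lower()]
    return ldap_filter, matches


def authenticate(cfg: dict, login: str, password: str):
    """The three-step 'regular' flow: service bind, lookup, user bind."""
    if cfg["type"] != "regular":
        return False, "only the regular (bind) type is modelled"
    if not simple_bind(cfg["username"], cfg["password"]):
        return False, "service-account bind failed"
    _, matches = search_user(cfg["dn"], cfg["cnid"], login)
    if len(matches) != 1:
        return False, "user not found under %s" % cfg["dn"]
    if not simple_bind(matches[0], password):
        return False, "invalid credentials"
    return True, matches[0]


if __name__ == "__main__":
    for user, pw in [("asmith", "Alice-Secret-1"), ("asmith", "wrong"),
                     ("bjones", "Bob-Secret-1"), ("asmith)(cn=*", "x")]:
        print(user, "->", authenticate(LDAP_CONFIG, user, pw))
```

The dn value acts as a scope: bjones has valid AD credentials but is never found because the search starts at ou=vpnusers, which is exactly how you restrict VPN access to one OU without touching the users themselves. If the service account's password is rotated without updating the Fortigate entry, every VPN login fails at the first step, so that is the first thing to check when all users are suddenly rejected.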

Then edit your local group with the following command:

config user group

Locate your VPN group and add the LDAP entry ("GroupName") created above as a member.

Test it with the Fortinet VPN client, FortiClient (http://www.fortinet.com/products/forticlient/).

Hope this helps

Bye
Riccardo


Source: http://www.riccardoriva.com/archives/886
