I. Add LDAP server to FortiGate
1. Go to User & Device -> LDAP server -> Create New.
2. Fill in the LDAP server information:
- Name: a name for the LDAP server.
- Server IP/Name: the IP address of the LDAP server.
- Server Port: 389.
- Common Name Identifier: sAMAccountName.
- Distinguished name: if your local domain is abc.local, enter dc=abc,dc=local.
- Bind Type: choose Regular.
- User DN: enter your AD account, e.g. fortinet@abc.local.
- Password: enter your password.
You can click the Test button to check the connection with the LDAP server.
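The same settings written as FortiOS CLI, as an added example that is not from the original post: the first entry mirrors the GUI values above (a regular bind on port 389 sends the bind password and user logins unencrypted), and the second is the same server over LDAPS on port 636. The object names AD-LDAP and AD-LDAPS, the address 192.0.2.10, the certificate name CA_Cert_1 and the password placeholder are assumptions.

```fortios
# Added example, not from the original post. All names and addresses are placeholders.

# As configured in the GUI steps above: plain LDAP on 389.
# The bind account password and every user login cross the network in cleartext.
config user ldap
    edit "AD-LDAP"
        set server "192.0.2.10"
        set port 389
        set cnid "sAMAccountName"
        set dn "dc=abc,dc=local"
        set type regular
        set username "fortinet@abc.local"
        set password <bind-account-password>
    next
end

# Same directory over LDAPS: TLS on 636, with the server certificate
# validated against a CA certificate already imported on the FortiGate.
config user ldap
    edit "AD-LDAPS"
        set server "192.0.2.10"
        set port 636
        set secure ldaps
        set ca-cert "CA_Cert_1"
        set cnid "sAMAccountName"
        set dn "dc=abc,dc=local"
        set type regular
        set username "fortinet@abc.local"
        set password <bind-account-password>
    next
end
```

The bind account only needs read access to the directory, so a dedicated low-privilege service account is enough for the User DN field.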
II. Add user or group to FortiGate from LDAP server
1. Create user from LDAP server
- In User & Device -> User Definition, choose Create New.
- In the next step, choose Remote LDAP User under User Type and click Next.
- In User & Device -> User Group, choose Create New.
- Fill in the name of the group and click Create New.
- In Network -> Interface, choose the LAN interface of your network.
- Choose Captive portal as the Security mode under Admission Control.
- In the User Access field:
  - Choose Allow all if you want anyone to be able to authenticate.
  - Choose Restricted to Groups if you want only some groups to be able to authenticate.
- Add the user groups that are allowed to authenticate in the User groups field.
- Add source addresses that bypass authentication in the Exempt sources field.
- Add destination addresses/services that bypass authentication in the Exempt destination/service field.
Sorry for my English. I hope this post is useful for you. In the next post, I will share about customizing the login page.