Fortinet v3.0 MR7 instruction


Authentication servers	LDAP servers

The output is lengthy, but the information you need is in the first few lines:

version: 2

#

#filter: (objectclass=*)

#requesting: ALL

#

dn: dc=example,dc=com

dc: example

objectClass: top

objectClass: domain

dn: ou=People,dc=example,dc=com

ou: People

objectClass: top

objectClass: organizationalUnit

...

dn: uid=auser,ou=People,dc=example,dc=com

uid: auser

cn: Alex User

Configuring the FortiGate unit to use an LDAP server

After you determine the common name and distinguished name identifiers and the domain name or IP address of the LDAP server, you can configure the server on the FortiGate unit. The maximum number of remote LDAP servers that can be configured for authentication is 10.

To configure the FortiGate unit for LDAP authentication - web-based manager

1Go to User > Remote > LDAP and select Create New.

2Enter the following information, and select OK.

FortiOS v3.0 MR7 User Authentication User Guide
01-30007-0347-20080828	21

Image 21

Fortinet v3.0 MR7 manual Configuring the FortiGate unit to use an Ldap server

Contents

E R G U I D E Trademarks FortiOS v3.0 MR7 User Authentication User Guide Contents Users/peers and user groups Configuring authenticated accessIndex Creating local users Creating peer users Introduction About authentication User’s view of authentication Web-based user authenticationVPN client-based authentication See Creating local users on See Creating peer users on FortiGate administrator’s view of authentication See Configuring user groups on Authentication servers Peers Public Key Infrastructure PKI authenticationUsers User groups About this document Authentication timeoutFirewall policies VPN tunnels Name field, type admin FortiGate documentationTypographic conventions Related documentation FortiGate Administration Guide FortiClient documentation FortiManager documentationFortiMail documentation FortiAnalyzer documentation Fortinet Tools and Documentation CD Customer service and technical supportFortinet Knowledge Center Comments on Fortinet technical documentation Radius servers Authentication servers Radius attributes sent in Radius accounting message Configuring the FortiGate unit to use a Radius server Primary Server Secret Primary Server Name/IP Group Edit icon Edit a Radius server configuration Ldap servers Ldapsearch -x objectclass= Configuring the FortiGate unit to use an Ldap server Server Port PasswordCommon Name Identifier Edit To configure the FortiGate unit for Ldap authentication CLIProtocol Certificate Ldap server Distinguished Name Query tree Using the Query icon Ascii TACACS+ servers Server Key Authentication Type Directory Service servers Domain Create NewGroups Fsae Collector IP Fsae Collector IP/Name Port Directory Service server configuration Name CLI Example Directory Service server list Directory Service servers Users/peers Users/peers and user groups User type Authentication Creating local usersTo create a local user web-based manager Go to User Local To view a list of all local users, go to User Local Delete icon Edit iconTo create a local user CLI To remove a user from the FortiGate unit configuration CLI Creating peer usersDelete icon Authenticating peer user To view a list of PKI peer users, go to User PKISubject Remove PKI peer user To create a peer user for PKI authentication CLI Directory Service user groups User groupsFirewall user groups Protection profiles SSL VPN user groups Configuring user groups Select Create New and enter the following informationFirewall To create a firewall user group CLI Configuring Directory Service user groupsMembers FortiGuard Web Available Users/Groups or Available Members Configuring SSL VPN user groups Viewing a list of user groups Configuring Peer user groupsTo create a peer group CLI Group Name Config user group delete groupname End User groups Authentication protocols Authentication timeoutEnter the Idle Timeout value seconds Select Apply Telnet Authentication Settings Firewall policy authentication Authentication is an Advanced firewall option Configuring authentication for a firewall policyTo configure authentication for a firewall policy Go to Firewall Policy Firewall Policy Move To Firewall policy order Configuring authenticated access to the Internet Source InterfaceZone Configuring authentication of SSL VPN users VPN authenticationSelect Enable SSL-VPN and enter information as follows Go to VPN SSL Server Certificate Default RC4128Require Client Certificate Encryption Key Algorithm To configure authentication for an SSL VPN CLI Configuring authentication of Pptp VPN users/user groups Configuring authentication of VPN peers and clientsSelect Enable Pptp Select Require Client Certificate, and then select Apply Configuring authentication of remote IPSec VPN users Configuring authentication of L2TP VPN users/user groupsTo configure authentication for a Pptp VPN CLI To configure authentication for an L2TP VPN CLI To configure user group authentication for dialup IPSec CLI Only users with passwords on the FortiGate unitRemote Gateway IPSec configuration for dialup users Configuring XAuth authentication Remote Gateway Authentication Method To configure authentication for a dialup IPSec VPN CLIXAuth Server Type VPN authentication Index 01-30007-0347-20080731 MS-CHAP VSA