Control Manager

Directory set up requirements

The following steps provide a basic outline of the procedures required to set up the Directory and its communication with FortiNAC.

  1. Enable ping on the Directory server itself. This allows FortiNAC to ping the Directory server and prevents the server icon in the Network Device Summary panel on the dashboard from displaying an error as if it had lost contact when, in fact, it is still in contact via LDAP.

    If you plan to use the top level (root) of the Directory tree as a Group search branch, make sure that you use Config Wizard to configure DNS in FortiNAC so that the IP address of the Directory can be resolved to the Directory's hostname. In addition, the IP address must be resolvable by the primary DNS server.

  2. Set up the connection between the Directory application and FortiNAC. This step provides the log in information that allows FortiNAC to connect and communicate with the Directory. A dedicated, read-only directory account is sufficient for this purpose and limits the impact if the stored credentials are ever exposed. See Directory configuration and Add/modify directory - Connection tab.

  3. Map directory data fields to FortiNAC data fields. This step allows you to import user and group information into your database. See Add/modify directory - User Attributes tab and Add/modify directory - Group Attributes tab.

  4. Configure User and Group Search Branches. See Add/modify directory - Search Branches tab.

  5. Data in your directory can change frequently. Users could be added, removed or modified. Those changes need to be incorporated into your FortiNAC database. Create a schedule to synchronize the directory with the FortiNAC database. See Schedule directory synchronization.

  6. If you plan to use SSL or TLS security protocols for communications with your LDAP directory, you must have a security certificate. Without SSL or TLS, the bind credentials and the imported user and group data cross the network in clear text. See Create a keystore or SSL or TLS communications to LDAP.

  7. If you choose to use logon/logoff scripts to register the host machine when a user logs on or off a domain, see Passive registration using the domain controller.

    You may need to access your Directory using a separate interface to acquire log in, group and user information.

    If you create new users in the Directory, be sure not to assign a User ID that is the same as an existing user account or guest account in the FortiNAC database. Duplicate User IDs will prevent one or both of the users from accessing the network.
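The following script is an added example and is not part of the FortiNAC documentation or product. It shows a pre-flight check that a practitioner can run against an LDIF export of the directory before entering the settings from steps 3, 4 and the note above into FortiNAC: it applies the user and group search branches, maps directory attributes onto FortiNAC user fields, and flags User IDs that collide with accounts already in the FortiNAC database. The LDIF data, the attribute mapping, the DNs and the existing-account list are all constructed for illustration; the real mapping is whatever you choose on the User Attributes and Group Attributes tabs.

```python
"""Pre-flight check of an LDAP export before mapping it into FortiNAC.

Added example, not FortiNAC code. It parses a constructed LDIF export,
applies user/group search branches, projects entries onto FortiNAC
fields and reports User ID collisions with existing FortiNAC accounts.
"""
import base64
from collections import defaultdict

# Constructed sample export (made-up DNs and users, not real data).
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=corp,DC=example
objectClass: user
sAMAccountName: alice
mail: alice@corp.example
memberOf: CN=VPN Users,OU=Groups,DC=corp,DC=example

dn: CN=Bob Example,OU=Staff,DC=corp,DC=example
objectClass: user
sAMAccountName: bob
mail: bob@corp.example

dn: CN=Contractor,OU=Vendors,DC=corp,DC=example
objectClass: user
sAMAccountName: guest01
mail: contractor@vendor.example

dn: CN=VPN Users,OU=Groups,DC=corp,DC=example
objectClass: group
cn: VPN Users
member: CN=Alice Example,OU=Staff,DC=corp,DC=example
"""

# Hypothetical mapping of directory attributes to FortiNAC user fields
# (the real names are chosen on the User Attributes tab).
USER_ATTRIBUTE_MAP = {
    "sAMAccountName": "User ID",
    "mail": "Email",
    "memberOf": "Groups",
}


def parse_ldif(text):
    """Parse a minimal LDIF export into a list of {attr: [values]} dicts.

    Joins folded continuation lines, skips comments, keeps multi-valued
    attributes as lists and decodes base64 ('::') values.
    """
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded continuation line
        else:
            lines.append(raw)
    entries, current = [], defaultdict(list)
    for line in lines + [""]:             # trailing "" flushes last entry
        if not line:
            if current:
                entries.append(dict(current))
                current = defaultdict(list)
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):         # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode()
        else:
            value = value.strip()
        current[name].append(value)
    return entries


def normalize_dn(dn):
    """Lower-case a DN and strip spaces around RDN separators.

    Assumes no escaped commas inside RDN values (true for the sample).
    """
    return ",".join(part.strip().lower() for part in dn.split(","))


def in_search_branch(dn, branch):
    """True if dn is the search branch itself or lies beneath it."""
    d, b = normalize_dn(dn), normalize_dn(branch)
    return d == b or d.endswith("," + b)


def map_user(entry, attribute_map=USER_ATTRIBUTE_MAP):
    """Project one directory entry onto FortiNAC fields via the mapping.

    Single-valued fields take the first value; Groups keeps the list.
    """
    mapped = {}
    for dir_attr, nac_field in attribute_map.items():
        values = entry.get(dir_attr, [])
        mapped[nac_field] = values if nac_field == "Groups" else (values[0] if values else None)
    return mapped


def import_users(ldif_text, user_branch, group_branch):
    """Return (mapped users, group names) limited to the search branches."""
    entries = parse_ldif(ldif_text)
    users = [map_user(e) for e in entries
             if "user" in e.get("objectClass", []) and in_search_branch(e["dn"][0], user_branch)]
    groups = [e["cn"][0] for e in entries
              if "group" in e.get("objectClass", []) and in_search_branch(e["dn"][0], group_branch)]
    return users, groups


def find_duplicate_user_ids(users, existing_ids):
    """Return User IDs that collide with each other or with existing FortiNAC IDs.

    Comparison is case-insensitive on purpose (assumption): flagging more
    is safer than missing a collision that would lock a user out.
    """
    existing = {uid.lower() for uid in existing_ids}
    seen, dups = set(), set()
    for user in users:
        uid = (user["User ID"] or "").lower()
        if uid and (uid in existing or uid in seen):
            dups.add(uid)
        if uid:
            seen.add(uid)
    return sorted(dups)


if __name__ == "__main__":
    users, groups = import_users(SAMPLE_LDIF, "DC=corp,DC=example", "OU=Groups,DC=corp,DC=example")
    # Constructed list of IDs already present in FortiNAC (users + guests).
    print("Collisions:", find_duplicate_user_ids(users, ["guest01", "admin"]))
```

Run it with a real `ldapsearch -LLL` export in place of `SAMPLE_LDIF`; narrowing `user_branch` from the root to a specific OU is the same decision you make on the Search Branches tab, and any ID the last function reports should be renamed in the directory before the scheduled synchronization runs.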
