FortiGate Version 3.0 MR4 Administration Guide
326 01-30004-0203-20070102
Windows AD servers User
Configuring PKI users
Go to User > PKI and select Create New or the Edit icon of an existing PKI user.
Figure 211:PKI user configuration
Windows AD servers
On networks that use Windows Active Directory (AD) servers for authentication,
FortiGate units can transparently authenticate users without asking them for their
user name and password. You must install the Fortinet Server Authentication
Extensions (FSAE) on the network and configure the FortiGate unit to retrieve
information from the Windows AD server. For more information about FSAE, see
the FSAE Technical Note.
Go to User > Windows AD to configure Windows AD servers.
Figure 212:Windows AD server list
Name Enter the name of the PKI user. This field is mandatory.
The PKI user can also be defined in the CLI using config user peer or
config. For more information, see the FortiGate CLI Reference.
Subject Enter the text string that appears in the subject field of the certificate of the
authenticating user. This field is optional.
CA Enter the CA certificate that must be used to authenticate this user. This field
is optional.
Note: Even though Subject and CA are optional fields, one of them must be set. The
following fields in the PKI User dialog correspond to the noted fields in the PKI User List:
Name: User Name
Subject: Subject
Issuer: CA (CA certificate)
Create New Add a new Windows AD server.
FortiClient AD The name of the Windows AD server with FSAE.
You can expand the server name to display Windows AD domain group
information.
IP Address The IP addresses and TCP ports of up to five collector agents that send
Windows AD server logon information to the FortiGate unit.
Delete icon Delete this Windows AD server.
Edit icon Edit this Windows AD server.
Refresh icon Get current domain and group information from the Windows AD server.
To Next Page
Loading...
