Administrators System Admin
FortiGate Version 4.0 Administration Guide
218 01-400-89802-20090424
http://docs.fortinet.com/
For further information about LDAP authentication, see “Configuring an LDAP server” on page 575.
To create the user group (LDAP)
1 Go to User > User Group.
2 Select Create New or select the Edit icon beside an existing user group.
3 Enter a Name that identifies the user group.
4 For Type, enter Firewall.
5 In the Available Users/Groups list, select the LDAP server name and move it to the Members list.
6 Select OK.
To configure an administrator to authenticate with an LDAP server
1 Go to System > Admin.
2 Select Create New or select the Edit icon beside an existing administrator account.
3 Enter or select the following:
4 Configure additional features as required. For more information, see “Configuring an administrator account” on page 212.
5 Select OK.
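The two LDAP procedures above (create the Firewall-type user group, then the Remote administrator that authenticates through it) expressed as FortiOS CLI configuration, as an added example that is not part of the original guide. The keywords are FortiOS CLI syntax rather than text from this guide, so check them against the CLI Reference for your firmware; the object names ldap_corp, ldap_admins, jsmith and super_admin, the server address and the certificate name CA_Cert_1 are assumed placeholders.

```fortios
# Added example: CLI equivalent of the LDAP administrator procedures on this page.
# Names (ldap_corp, ldap_admins, jsmith, super_admin, CA_Cert_1) are assumed placeholders.

# The LDAP server object (see "Configuring an LDAP server"). Secure Connection with
# a CA certificate keeps administrator credentials off the wire in clear text.
config user ldap
    edit "ldap_corp"
        set server "192.0.2.10"          # constructed address for the example
        set cnid "sAMAccountName"
        set dn "dc=example,dc=com"
        set secure ldaps
        set port 636
        set ca-cert "CA_Cert_1"
    next
end

# "To create the user group (LDAP)": Type Firewall, LDAP server as the member.
config user group
    edit "ldap_admins"
        set group-type firewall
        set member "ldap_corp"
    next
end

# "To configure an administrator to authenticate with an LDAP server": Type Remote,
# authenticated through the group above. Wildcard is left disabled on purpose:
# enabling it makes every account the LDAP server can authenticate an administrator
# with this admin profile, so it should be paired with a tightly scoped profile.
config system admin
    edit "jsmith"
        set remote-auth enable
        set remote-group "ldap_admins"
        set wildcard disable
        set accprofile "super_admin"
    next
end
```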
Configuring TACACS+ authentication for administrators
Terminal Access Controller Access-Control System (TACACS+) is a remote authentication protocol that provides access control for routers, network access servers, and other networked computing devices via one or more centralized servers.
If you have configured TACACS+ support and an administrator is required to authenticate using a TACACS+ server, the FortiGate unit contacts the TACACS+ server for authentication. If the TACACS+ server cannot authenticate the administrator, the connection is refused by the FortiGate unit.
If you want to use a TACACS+ server to authenticate administrators in your VDOM, you must configure the authentication before you create the administrator accounts. To do this you need to:
• configure the TACACS+ server
• configure the FortiGate unit to access the TACACS+ server
Protocol: The secure LDAP protocol to use for authentication. Available only if Secure Connection is selected.
Certificate: The certificate to use for authentication. Available only if Secure Connection is selected.
Administrator: A name that identifies the administrator.
Type: Remote.
User Group: The user group that includes the LDAP server as a member.
Wildcard: A check box that allows all accounts on the LDAP server to be administrators.
Password: The password the administrator uses to authenticate. Not available if Wildcard is enabled.
Confirm Password: The re-entered password that confirms the original entry in Password. Not available if Wildcard is enabled.
Admin Profile: The admin profile to apply to the administrator.