Testing FSSO
Once FSSO is configured, you can easily test to ensure your configuration is working as expected. For additional FSSO testing, see Troubleshooting FSSO on page 189.
- Logon to one of the stations on the FSSO domain, and access an Internet resource.
- Connect to the CLI of the FortiGate unit, and if possible log the output.
- Enter the following command: diagnose debug authd fsso list
- Check the output. If FSSO is functioning properly you will see something similar to the following:
—-FSSO logons—-
IP: 10.10.20.3 User: ADMINISTRATOR Groups: CN=FORTIOS WRITERS,CN=USERS,DC=TECHDOC,DC=LOCAL Workstation: WIN2K8R2.TECHDOC.LOCAL MemberOf: FortiOS_Writers
IP: 10.10.20.7 User: TELBAR Groups: CN=FORTIOS WRITERS,CN=USERS,DC=TECHDOC,DC=LOCAL Workstation: TELBAR-PC7.TECHDOC.LOCAL
Total number of logons listed: 2, filtered: 0
—-end of FSSO logons—-
The exact information will vary based on your installation.
- Check the FortiGate event log, for FSSO-auth action or other FSSO related events with FSSO information in the message field.
- To check server connectivity, run the following commands from the CLI:
FGT# diagnose debug enable
FGT# diagnose debug authd fsso server-status
FGT# Server Name Connection Status Version ———– —————– ——-
techdoc connected FSSO 5.0.0241