kboukis
Explorer

Change AD password through Check Point VPN after implementing 2FA with FortiToken

Hey all,

I had configured LDAPS and everything was OK; we could change an expired password from the Check Point VPN. But now that we have added/implemented 2FA from Fortinet, we have lost the ability to change the password. If the password has expired, the Fortinet log says that the password must be changed, and it just gives the user a wrong-password message.

Is there a way around this?

Thank you

0 Kudos
5 Replies
_Val_
Admin

I suspect this question should actually be directed to Fortinet 🙂

0 Kudos
Norbert_Bohusch
Advisor

I assume you are using only one authentication (RADIUS) to authenticate against FortiToken, so everything that happens, like AD authentication and expired-password handling, should be done by Forti...

0 Kudos
kboukis
Explorer

Yes, you are right, everything is done through Forti. I needed to change from PAP to MS-CHAPv2 on Check Point, and also install a certificate on Forti and change to LDAPS on Forti. It is working, but it is not notifying the user that their password has been changed, which is kind of annoying.

0 Kudos
PhoneBoy
Admin

How is the MFA from Fortinet implemented exactly?

0 Kudos
kboukis
Explorer

On Check Point I have set the RADIUS server to be the Forti server, and then Forti takes over. It is working fine, but it is getting a bit complex 🙂

0 Kudos