fortinet.fortimanager.fmgr_user_radius – Configure RADIUS server entries.
fortinet.fortimanager.fmgr_user_radius – Configure RADIUS server entries.
Note
This plugin is part of the fortinet.fortimanager collection (version 2.0.1).
To install it use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_user_radius.
New in version 2.10: of fortinet.fortimanager
Synopsis
- This module is able to configure a FortiManager device.
- Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
| Parameter | Choices/Defaults | Comments | |||
|---|---|---|---|---|---|
|
adom string / required |
the parameter (adom) in requested url | ||||
|
bypass_validation boolean |
|
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters | |||
|
rc_failed list / elements=string |
the rc codes list with which the conditions to fail will be overriden | ||||
|
rc_succeeded list / elements=string |
the rc codes list with which the conditions to succeed will be overriden | ||||
|
state string / required |
|
the directive to create, update or delete an object | |||
|
user_radius dictionary |
the top level parameters set | ||||
|
accounting-server list / elements=string |
no description | ||||
|
id integer |
ID (0 - 4294967295). | ||||
|
port integer |
RADIUS accounting port number. | ||||
|
secret string |
no description | ||||
|
server string |
{<name_str|ip_str>} Server CN domain name or IP. | ||||
|
source-ip string |
Source IP address for communications to the RADIUS server. | ||||
|
status string |
|
Status. | |||
|
acct-all-servers string |
|
Enable/disable sending of accounting messages to all configured servers (default = disable). | |||
|
acct-interim-interval integer |
Time in seconds between each accounting interim update message. | ||||
|
all-usergroup string |
|
Enable/disable automatically including this RADIUS server in all user groups. | |||
|
auth-type string |
|
Authentication methods/protocols permitted for this RADIUS server. | |||
|
class string |
no description | ||||
|
dynamic_mapping list / elements=string |
no description | ||||
|
_scope list / elements=string |
no description | ||||
|
name string |
no description | ||||
|
vdom string |
no description | ||||
|
acct-all-servers string |
|
no description | |||
|
acct-interim-interval integer |
no description | ||||
|
all-usergroup string |
|
no description | |||
|
auth-type string |
|
no description | |||
|
class string |
no description | ||||
|
dp-carrier-endpoint-attribute string |
|
no description | |||
|
dp-carrier-endpoint-block-attribute string |
|
no description | |||
|
dp-context-timeout integer |
no description | ||||
|
dp-flush-ip-session string |
|
no description | |||
|
dp-hold-time integer |
no description | ||||
|
dp-http-header string |
no description | ||||
|
dp-http-header-fallback string |
|
no description | |||
|
dp-http-header-status string |
|
no description | |||
|
dp-http-header-suppress string |
|
no description | |||
|
dp-log-dyn_flags list / elements=string |
|
no description | |||
|
dp-log-period integer |
no description | ||||
|
dp-mem-percent integer |
no description | ||||
|
dp-profile-attribute string |
|
no description | |||
|
dp-profile-attribute-key string |
no description | ||||
|
dp-radius-response string |
|
no description | |||
|
dp-radius-server-port integer |
no description | ||||
|
dp-secret string |
no description | ||||
|
dp-validate-request-secret string |
|
no description | |||
|
dynamic-profile string |
|
no description | |||
|
endpoint-translation string |
|
no description | |||
|
ep-carrier-endpoint-convert-hex string |
|
no description | |||
|
ep-carrier-endpoint-header string |
no description | ||||
|
ep-carrier-endpoint-header-suppress string |
|
no description | |||
|
ep-carrier-endpoint-prefix string |
|
no description | |||
|
ep-carrier-endpoint-prefix-range-max integer |
no description | ||||
|
ep-carrier-endpoint-prefix-range-min integer |
no description | ||||
|
ep-carrier-endpoint-prefix-string string |
no description | ||||
|
ep-carrier-endpoint-source string |
|
no description | |||
|
ep-ip-header string |
no description | ||||
|
ep-ip-header-suppress string |
|
no description | |||
|
ep-missing-header-fallback string |
|
no description | |||
|
ep-profile-query-type string |
|
no description | |||
|
h3c-compatibility string |
|
no description | |||
|
nas-ip string |
no description | ||||
|
password-encoding string |
|
no description | |||
|
password-renewal string |
|
no description | |||
|
radius-coa string |
|
no description | |||
|
radius-port integer |
no description | ||||
|
rsso string |
|
no description | |||
|
rsso-context-timeout integer |
no description | ||||
|
rsso-endpoint-attribute string |
|
no description | |||
|
rsso-endpoint-block-attribute string |
|
no description | |||
|
rsso-ep-one-ip-only string |
|
no description | |||
|
rsso-flush-ip-session string |
|
no description | |||
|
rsso-log-flags list / elements=string |
|
no description | |||
|
rsso-log-period integer |
no description | ||||
|
rsso-radius-response string |
|
no description | |||
|
rsso-radius-server-port integer |
no description | ||||
|
rsso-secret string |
no description | ||||
|
rsso-validate-request-secret string |
|
no description | |||
|
secondary-secret string |
no description | ||||
|
secondary-server string |
no description | ||||
|
secret string |
no description | ||||
|
server string |
no description | ||||
|
source-ip string |
no description | ||||
|
sso-attribute string |
|
no description | |||
|
sso-attribute-key string |
no description | ||||
|
sso-attribute-value-override string |
|
no description | |||
|
tertiary-secret string |
no description | ||||
|
tertiary-server string |
no description | ||||
|
timeout integer |
no description | ||||
|
use-group-for-profile string |
|
no description | |||
|
use-management-vdom string |
|
no description | |||
|
username-case-sensitive string |
|
no description | |||
|
h3c-compatibility string |
|
Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. | |||
|
name string |
RADIUS server entry name. | ||||
|
nas-ip string |
IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes. | ||||
|
password-encoding string |
|
Password encoding. | |||
|
password-renewal string |
|
Enable/disable password renewal. | |||
|
radius-coa string |
|
Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is a... | |||
|
radius-port integer |
RADIUS service port number. | ||||
|
rsso string |
|
Enable/disable RADIUS based single sign on feature. | |||
|
rsso-context-timeout integer |
Time in seconds before the logged out user is removed from the "user context list" of logged on users. | ||||
|
rsso-endpoint-attribute string |
|
RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. | |||
|
rsso-endpoint-block-attribute string |
|
RADIUS attributes used to block a user. | |||
|
rsso-ep-one-ip-only string |
|
Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. | |||
|
rsso-flush-ip-session string |
|
Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. | |||
|
rsso-log-flags list / elements=string |
|
no description | |||
|
rsso-log-period integer |
Time interval in seconds that group event log messages will be generated for dynamic profile events. | ||||
|
rsso-radius-response string |
|
Enable/disable sending RADIUS response packets after receiving Start and Stop records. | |||
|
rsso-radius-server-port integer |
UDP port to listen on for RADIUS Start and Stop records. | ||||
|
rsso-secret string |
no description | ||||
|
rsso-validate-request-secret string |
|
Enable/disable validating the RADIUS request shared secret in the Start or End record. | |||
|
secondary-secret string |
no description | ||||
|
secondary-server string |
{<name_str|ip_str>} secondary RADIUS CN domain name or IP. | ||||
|
secret string |
no description | ||||
|
server string |
Primary RADIUS server CN domain name or IP address. | ||||
|
source-ip string |
Source IP address for communications to the RADIUS server. | ||||
|
sso-attribute string |
|
RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. | |||
|
sso-attribute-key string |
Key prefix for SSO group value in the SSO attribute. | ||||
|
sso-attribute-value-override string |
|
Enable/disable override old attribute value with new value for the same endpoint. | |||
|
tertiary-secret string |
no description | ||||
|
tertiary-server string |
{<name_str|ip_str>} tertiary RADIUS CN domain name or IP. | ||||
|
timeout integer |
Time in seconds between re-sending authentication requests. | ||||
|
use-management-vdom string |
|
Enable/disable using management VDOM to send requests. | |||
|
username-case-sensitive string |
|
Enable/disable case sensitive user names. | |||
|
workspace_locking_adom string |
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root | ||||
|
workspace_locking_timeout integer |
Default: 300 |
the maximum time in seconds to wait for other user to release the workspace lock |
Notes
Note
- Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
- To create or update an object, use state present directive.
- To delete an object, use state absent directive.
- Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Configure RADIUS server entries.
fmgr_user_radius:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
state: <value in [present, absent]>
user_radius:
accounting-server:
-
id: <value of integer>
port: <value of integer>
secret: <value of string>
server: <value of string>
source-ip: <value of string>
status: <value in [disable, enable]>
acct-all-servers: <value in [disable, enable]>
acct-interim-interval: <value of integer>
all-usergroup: <value in [disable, enable]>
auth-type: <value in [pap, chap, ms_chap, ...]>
class: <value of string>
dynamic_mapping:
-
_scope:
-
name: <value of string>
vdom: <value of string>
acct-all-servers: <value in [disable, enable]>
acct-interim-interval: <value of integer>
all-usergroup: <value in [disable, enable]>
auth-type: <value in [pap, chap, ms_chap, ...]>
class: <value of string>
dp-carrier-endpoint-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
dp-carrier-endpoint-block-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
dp-context-timeout: <value of integer>
dp-flush-ip-session: <value in [disable, enable]>
dp-hold-time: <value of integer>
dp-http-header: <value of string>
dp-http-header-fallback: <value in [ip-header-address, default-profile]>
dp-http-header-status: <value in [disable, enable]>
dp-http-header-suppress: <value in [disable, enable]>
dp-log-dyn_flags:
- none
- protocol-error
- profile-missing
- context-missing
- accounting-stop-missed
- accounting-event
- radiusd-other
- endpoint-block
dp-log-period: <value of integer>
dp-mem-percent: <value of integer>
dp-profile-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
dp-profile-attribute-key: <value of string>
dp-radius-response: <value in [disable, enable]>
dp-radius-server-port: <value of integer>
dp-secret: <value of string>
dp-validate-request-secret: <value in [disable, enable]>
dynamic-profile: <value in [disable, enable]>
endpoint-translation: <value in [disable, enable]>
ep-carrier-endpoint-convert-hex: <value in [disable, enable]>
ep-carrier-endpoint-header: <value of string>
ep-carrier-endpoint-header-suppress: <value in [disable, enable]>
ep-carrier-endpoint-prefix: <value in [disable, enable]>
ep-carrier-endpoint-prefix-range-max: <value of integer>
ep-carrier-endpoint-prefix-range-min: <value of integer>
ep-carrier-endpoint-prefix-string: <value of string>
ep-carrier-endpoint-source: <value in [http-header, cookie]>
ep-ip-header: <value of string>
ep-ip-header-suppress: <value in [disable, enable]>
ep-missing-header-fallback: <value in [session-ip, policy-profile]>
ep-profile-query-type: <value in [session-ip, extract-ip, extract-carrier-endpoint]>
h3c-compatibility: <value in [disable, enable]>
nas-ip: <value of string>
password-encoding: <value in [ISO-8859-1, auto]>
password-renewal: <value in [disable, enable]>
radius-coa: <value in [disable, enable]>
radius-port: <value of integer>
rsso: <value in [disable, enable]>
rsso-context-timeout: <value of integer>
rsso-endpoint-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
rsso-endpoint-block-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
rsso-ep-one-ip-only: <value in [disable, enable]>
rsso-flush-ip-session: <value in [disable, enable]>
rsso-log-flags:
- none
- protocol-error
- profile-missing
- context-missing
- accounting-stop-missed
- accounting-event
- radiusd-other
- endpoint-block
rsso-log-period: <value of integer>
rsso-radius-response: <value in [disable, enable]>
rsso-radius-server-port: <value of integer>
rsso-secret: <value of string>
rsso-validate-request-secret: <value in [disable, enable]>
secondary-secret: <value of string>
secondary-server: <value of string>
secret: <value of string>
server: <value of string>
source-ip: <value of string>
sso-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
sso-attribute-key: <value of string>
sso-attribute-value-override: <value in [disable, enable]>
tertiary-secret: <value of string>
tertiary-server: <value of string>
timeout: <value of integer>
use-group-for-profile: <value in [disable, enable]>
use-management-vdom: <value in [disable, enable]>
username-case-sensitive: <value in [disable, enable]>
h3c-compatibility: <value in [disable, enable]>
name: <value of string>
nas-ip: <value of string>
password-encoding: <value in [ISO-8859-1, auto]>
password-renewal: <value in [disable, enable]>
radius-coa: <value in [disable, enable]>
radius-port: <value of integer>
rsso: <value in [disable, enable]>
rsso-context-timeout: <value of integer>
rsso-endpoint-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
rsso-endpoint-block-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
rsso-ep-one-ip-only: <value in [disable, enable]>
rsso-flush-ip-session: <value in [disable, enable]>
rsso-log-flags:
- none
- protocol-error
- profile-missing
- context-missing
- accounting-stop-missed
- accounting-event
- radiusd-other
- endpoint-block
rsso-log-period: <value of integer>
rsso-radius-response: <value in [disable, enable]>
rsso-radius-server-port: <value of integer>
rsso-secret: <value of string>
rsso-validate-request-secret: <value in [disable, enable]>
secondary-secret: <value of string>
secondary-server: <value of string>
secret: <value of string>
server: <value of string>
source-ip: <value of string>
sso-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
sso-attribute-key: <value of string>
sso-attribute-value-override: <value in [disable, enable]>
tertiary-secret: <value of string>
tertiary-server: <value of string>
timeout: <value of integer>
use-management-vdom: <value in [disable, enable]>
username-case-sensitive: <value in [disable, enable]>Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
|
request_url string |
always |
The full url requested
Sample: /sys/login/user |
|
response_code integer |
always |
The status of api request
|
|
response_message string |
always |
The descriptive message of the api response
Sample: OK. |
Authors
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Frank Shen (@fshen01)
- Hongbin Lu (@fgtdev-hblu)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/fortinet/fortimanager/fmgr_user_radius_module.html
