New in version 2.8.
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments
---|---|---
host (required) | | FortiOS or FortiGate IP address.
https (boolean) | | Indicates whether requests towards the FortiGate must use the HTTPS protocol.
password | Default: "" | FortiOS or FortiGate password.
user_radius | Default: null | Configure RADIUS server entries.
user_radius / accounting-server | | Additional accounting servers.
user_radius / accounting-server / id (required) | | ID (0 - 4294967295).
user_radius / accounting-server / port | | RADIUS accounting port number.
user_radius / accounting-server / secret | | Secret key.
user_radius / accounting-server / server | | Server CN domain name or IP.
user_radius / accounting-server / source-ip | | Source IP address for communications to the RADIUS server.
user_radius / accounting-server / status | | Status.
user_radius / acct-all-servers | | Enable/disable sending of accounting messages to all configured servers (default = disable).
user_radius / acct-interim-interval | | Time in seconds between each accounting interim update message.
user_radius / all-usergroup | | Enable/disable automatically including this RADIUS server in all user groups.
user_radius / auth-type | | Authentication methods/protocols permitted for this RADIUS server.
user_radius / class | | Class attribute name(s).
user_radius / class / name (required) | | Class name.
user_radius / h3c-compatibility | | Enable/disable compatibility with H3C, a mechanism that performs security checking for authentication.
user_radius / name (required) | | RADIUS server entry name.
user_radius / nas-ip | | IP address used to communicate with the RADIUS server and used as the NAS-IP-Address and Called-Station-ID attributes.
user_radius / password-encoding | | Password encoding.
user_radius / password-renewal | | Enable/disable password renewal.
user_radius / radius-coa | | Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated.
user_radius / radius-port | | RADIUS service port number.
user_radius / rsso | | Enable/disable the RADIUS based single sign on feature.
user_radius / rsso-context-timeout | | Time in seconds before the logged out user is removed from the "user context list" of logged on users.
user_radius / rsso-endpoint-attribute | | RADIUS attributes used to extract the user end point identifier from the RADIUS Start record.
user_radius / rsso-endpoint-block-attribute | | RADIUS attributes used to block a user.
user_radius / rsso-ep-one-ip-only | | Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages.
user_radius / rsso-flush-ip-session | | Enable/disable flushing user IP sessions on RADIUS accounting Stop messages.
user_radius / rsso-log-flags | | Events to log.
user_radius / rsso-log-period | | Time interval in seconds at which group event log messages will be generated for dynamic profile events.
user_radius / rsso-radius-response | | Enable/disable sending RADIUS response packets after receiving Start and Stop records.
user_radius / rsso-radius-server-port | | UDP port to listen on for RADIUS Start and Stop records.
user_radius / rsso-secret | | RADIUS secret used by the RADIUS accounting server.
user_radius / rsso-validate-request-secret | | Enable/disable validating the RADIUS request shared secret in the Start or End record.
user_radius / secondary-secret | | Secret key to access the secondary server.
user_radius / secondary-server | | Secondary RADIUS CN domain name or IP.
user_radius / secret | | Pre-shared secret key used to access the primary RADIUS server.
user_radius / server | | Primary RADIUS server CN domain name or IP address.
user_radius / source-ip | | Source IP address for communications to the RADIUS server.
user_radius / sso-attribute | | RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record.
user_radius / sso-attribute-key | | Key prefix for the SSO group value in the SSO attribute.
user_radius / sso-attribute-value-override | | Enable/disable overriding the old attribute value with the new value for the same endpoint.
user_radius / state | | Indicates whether to create or remove the object.
user_radius / tertiary-secret | | Secret key to access the tertiary server.
user_radius / tertiary-server | | Tertiary RADIUS CN domain name or IP.
user_radius / timeout | | Time in seconds between re-sending authentication requests.
user_radius / use-management-vdom | | Enable/disable using the management VDOM to send requests.
user_radius / username-case-sensitive | | Enable/disable case sensitive user names.
username (required) | | FortiOS or FortiGate username.
vdom | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
Note
```yaml
- hosts: localhost
  vars:
    host: "192.168.122.40"
    username: "admin"
    password: ""
    vdom: "root"
  tasks:
    - name: Configure RADIUS server entries.
      fortios_user_radius:
        host: "{{ host }}"
        username: "{{ username }}"
        password: "{{ password }}"
        vdom: "{{ vdom }}"
        https: "False"
        user_radius:
          state: "present"
          accounting-server:
            - id: "4"
              port: "5"
              secret: "<your_own_value>"
              server: "192.168.100.40"
              source-ip: "84.230.14.43"
              status: "enable"
          acct-all-servers: "enable"
          acct-interim-interval: "11"
          all-usergroup: "disable"
          auth-type: "auto"
          class:
            - name: "default_name_15"
          h3c-compatibility: "enable"
          name: "default_name_17"
          nas-ip: "<your_own_value>"
          password-encoding: "auto"
          password-renewal: "enable"
          radius-coa: "enable"
          radius-port: "22"
          rsso: "enable"
          rsso-context-timeout: "24"
          rsso-endpoint-attribute: "User-Name"
          rsso-endpoint-block-attribute: "User-Name"
          rsso-ep-one-ip-only: "enable"
          rsso-flush-ip-session: "enable"
          rsso-log-flags: "protocol-error"
          rsso-log-period: "30"
          rsso-radius-response: "enable"
          rsso-radius-server-port: "32"
          rsso-secret: "<your_own_value>"
          rsso-validate-request-secret: "enable"
          secondary-secret: "<your_own_value>"
          secondary-server: "<your_own_value>"
          secret: "<your_own_value>"
          server: "192.168.100.40"
          source-ip: "84.230.14.43"
          sso-attribute: "User-Name"
          sso-attribute-key: "<your_own_value>"
          sso-attribute-value-override: "enable"
          tertiary-secret: "<your_own_value>"
          tertiary-server: "<your_own_value>"
          timeout: "45"
          use-management-vdom: "enable"
          username-case-sensitive: "enable"
```
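As an added example (not part of the module or its documentation), a small pre-flight check over one task's arguments that enforces the constraints the parameter table states (required `host`, `username` and `name`; `accounting-server` `id` within 0 - 4294967295; `state` present/absent) and flags the two things most often wrong in practice: `https` left off, which sends the module credentials and every RADIUS secret to the FortiGate API in cleartext, and secrets typed literally into the playbook instead of referenced from a vaulted variable. The task dict shape, the `"{{ var }}"` heuristic for vaulted values and the `SAMPLE_TASK` data are assumptions.

```python
SECRET_KEYS = ("secret", "secondary-secret", "tertiary-secret", "rsso-secret")
PLACEHOLDER = "<your_own_value>"
ID_MAX = 4294967295  # documented range of accounting-server id


def check_user_radius_task(args: dict) -> list:
    """Return findings for one fortios_user_radius task; [] means it passes."""
    findings = []
    for key in ("host", "username"):  # required module parameters
        if not args.get(key):
            findings.append(f"missing required parameter: {key}")
    # Module credentials and every RADIUS secret are sent to the FortiGate API,
    # so the transport matters as much as the secrets themselves.
    if str(args.get("https", "")).lower() in ("", "false", "no"):
        findings.append("https is off: credentials and RADIUS secrets go over plaintext HTTP")
    ur = args.get("user_radius") or {}
    if not ur.get("name"):
        findings.append("user_radius.name is required")
    if ur.get("state") not in ("present", "absent"):
        findings.append(f"user_radius.state must be present or absent, got {ur.get('state')!r}")
    # Secrets: placeholder left in, or a literal instead of a vaulted variable
    # (assumed heuristic: a vaulted value is referenced as "{{ var }}").
    for key in SECRET_KEYS:
        val = ur.get(key)
        if val == PLACEHOLDER:
            findings.append(f"{key} still holds the placeholder {PLACEHOLDER}")
        elif isinstance(val, str) and val and "{{" not in val:
            findings.append(f"{key} is a literal in the playbook; use a vaulted variable")
    for entry in ur.get("accounting-server") or []:
        try:
            acct_id = int(entry.get("id"))
        except (TypeError, ValueError):
            findings.append("accounting-server id is required and must be an integer")
            continue
        if not 0 <= acct_id <= ID_MAX:
            findings.append(f"accounting-server id {acct_id} is outside 0 - {ID_MAX}")
        if entry.get("secret") == PLACEHOLDER:
            findings.append(f"accounting-server {acct_id}: secret still holds the placeholder")
    return findings


# Constructed sample mirroring (a trimmed copy of) the playbook on this page.
SAMPLE_TASK = {
    "host": "192.168.122.40", "username": "admin", "password": "", "vdom": "root",
    "https": "False",
    "user_radius": {"state": "present", "name": "default_name_17", "secret": "<your_own_value>",
                    "server": "192.168.100.40",
                    "accounting-server": [{"id": "4", "port": "5", "secret": "<your_own_value>",
                                           "server": "192.168.100.40", "status": "enable"}]},
}
```

Running `check_user_radius_task(SAMPLE_TASK)` on the page's own example reports three findings: HTTPS disabled and two placeholder secrets.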
Common return values are documented here; the following are the fields unique to this module:

Key | Returned | Description
---|---|---
build (string) | always | Build number of the FortiGate image. Sample: `1547`
http_method (string) | always | Last method used to provision the content into FortiGate. Sample: `PUT`
http_status (string) | always | Last result given by FortiGate on the last operation applied. Sample: `200`
mkey (string) | success | Master key (id) used in the last call to FortiGate. Sample: `id`
name (string) | always | Name of the table used to fulfill the request. Sample: `urlfilter`
path (string) | always | Path of the table used to fulfill the request. Sample: `webfilter`
revision (string) | always | Internal revision number. Sample: `17.0.2.10658`
serial (string) | always | Serial number of the unit. Sample: `FGVMEVYYQT3AB5352`
status (string) | always | Indication of the operation's result. Sample: `success`
vdom (string) | always | Virtual domain used. Sample: `root`
version (string) | always | Version of the FortiGate. Sample: `v5.6.3`