Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.2.1
Copy Link

Configure Authentication Schemes.

  config authentication scheme
      Description: Configure Authentication Schemes.
      edit <name>
          set method {option1}, {option2}, ...
          set negotiate-ntlm [enable|disable]
          set kerberos-keytab {string}
          set domain-controller {string}
          set fsso-agent-for-ntlm {string}
          set require-tfa [enable|disable]
          set fsso-guest [enable|disable]
          set user-database <name1>, <name2>, ...
          set ssh-ca {string}
      next
  end

config authentication scheme

Parameter Name Description Type Size
method Authentication methods (default = basic).
ntlm: NTLM authentication.
basic: Basic HTTP authentication.
digest: Digest HTTP authentication.
form: Form-based HTTP authentication.
negotiate: Negotiate authentication.
fsso: Fortinet Single Sign-On (FSSO) authentication.
rsso: RADIUS Single Sign-On (RSSO) authentication.
ssh-publickey: Public key based SSH authentication.
option -
negotiate-ntlm Enable/disable negotiate authentication for NTLM (default = disable).
enable: Enable negotiate authentication for NTLM.
disable: Disable negotiate authentication for NTLM.
option -
kerberos-keytab Kerberos keytab setting. string Maximum length: 35
domain-controller Domain controller setting. string Maximum length: 35
fsso-agent-for-ntlm FSSO agent to use for NTLM authentication. string Maximum length: 35
require-tfa Enable/disable two-factor authentication (default = disable).
enable: Enable two-factor authentication.
disable: Disable two-factor authentication.
option -
fsso-guest Enable/disable user fsso-guest authentication (default = disable).
enable: Enable user fsso-guest authentication.
disable: Disable user fsso-guest authentication.
option -
user-database <name> Authentication server to contain user information; "local" (default) or "123" (for LDAP).
Authentication server name.
string Maximum length: 79
ssh-ca SSH CA name. string Maximum length: 35

Configure Authentication Schemes.

  config authentication scheme
      Description: Configure Authentication Schemes.
      edit <name>
          set method {option1}, {option2}, ...
          set negotiate-ntlm [enable|disable]
          set kerberos-keytab {string}
          set domain-controller {string}
          set fsso-agent-for-ntlm {string}
          set require-tfa [enable|disable]
          set fsso-guest [enable|disable]
          set user-database <name1>, <name2>, ...
          set ssh-ca {string}
      next
  end

config authentication scheme

Parameter Name Description Type Size
method Authentication methods (default = basic).
ntlm: NTLM authentication.
basic: Basic HTTP authentication.
digest: Digest HTTP authentication.
form: Form-based HTTP authentication.
negotiate: Negotiate authentication.
fsso: Fortinet Single Sign-On (FSSO) authentication.
rsso: RADIUS Single Sign-On (RSSO) authentication.
ssh-publickey: Public key based SSH authentication.
option -
negotiate-ntlm Enable/disable negotiate authentication for NTLM (default = disable).
enable: Enable negotiate authentication for NTLM.
disable: Disable negotiate authentication for NTLM.
option -
kerberos-keytab Kerberos keytab setting. string Maximum length: 35
domain-controller Domain controller setting. string Maximum length: 35
fsso-agent-for-ntlm FSSO agent to use for NTLM authentication. string Maximum length: 35
require-tfa Enable/disable two-factor authentication (default = disable).
enable: Enable two-factor authentication.
disable: Disable two-factor authentication.
option -
fsso-guest Enable/disable user fsso-guest authentication (default = disable).
enable: Enable user fsso-guest authentication.
disable: Disable user fsso-guest authentication.
option -
user-database <name> Authentication server to contain user information; "local" (default) or "123" (for LDAP).
Authentication server name.
string Maximum length: 79
ssh-ca SSH CA name. string Maximum length: 35