config user local
Configure local users.
config user local
Description: Configure local users.
edit <name>
set id {integer}
set status [enable|disable]
set type [password|radius|...]
set passwd {password}
set ldap-server {string}
set radius-server {string}
set tacacs+-server {string}
set two-factor [disable|fortitoken|...]
set two-factor-authentication [fortitoken|email|...]
set two-factor-notification [email|sms]
set fortitoken {string}
set email-to {string}
set sms-server [fortiguard|custom]
set sms-custom-server {string}
set sms-phone {string}
set passwd-policy {string}
set passwd-time {user}
set authtimeout {integer}
set workstation {string}
set auth-concurrent-override [enable|disable]
set auth-concurrent-value {integer}
set ppk-secret {password-3}
set ppk-identity {string}
set username-sensitivity [disable|enable]
next
end
config user local
Parameter |
Description |
Type |
Size |
|||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
id |
User ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
|||||||||||||
status |
Enable/disable allowing the local user to authenticate with the FortiGate unit. |
option |
- |
|||||||||||||
|
|
|||||||||||||||
type |
Authentication method. |
option |
- |
|||||||||||||
|
|
|||||||||||||||
passwd |
User's password. |
password |
Not Specified |
|||||||||||||
ldap-server |
Name of LDAP server with which the user must authenticate. |
string |
Not Specified |
|||||||||||||
radius-server |
Name of RADIUS server with which the user must authenticate. |
string |
Not Specified |
|||||||||||||
tacacs+-server |
Name of TACACS+ server with which the user must authenticate. |
string |
Not Specified |
|||||||||||||
two-factor |
Enable/disable two-factor authentication. |
option |
- |
|||||||||||||
|
|
|||||||||||||||
two-factor-authentication |
Authentication method by FortiToken Cloud. |
option |
- |
|||||||||||||
|
|
|||||||||||||||
two-factor-notification |
Notification method for user activation by FortiToken Cloud. |
option |
- |
|||||||||||||
|
|
|||||||||||||||
fortitoken |
Two-factor recipient's FortiToken serial number. |
string |
Not Specified |
|||||||||||||
email-to |
Two-factor recipient's email address. |
string |
Not Specified |
|||||||||||||
sms-server |
Send SMS through FortiGuard or other external server. |
option |
- |
|||||||||||||
|
|
|||||||||||||||
sms-custom-server |
Two-factor recipient's SMS server. |
string |
Not Specified |
|||||||||||||
sms-phone |
Two-factor recipient's mobile phone number. |
string |
Not Specified |
|||||||||||||
passwd-policy |
Password policy to apply to this user, as defined in config user password-policy. |
string |
Not Specified |
|||||||||||||
passwd-time |
Time of the last password update. |
user |
Not Specified |
|||||||||||||
authtimeout |
Time in minutes before the authentication timeout for a user is reached. |
integer |
Minimum value: 0 Maximum value: 1440 |
|||||||||||||
workstation |
Name of the remote user workstation, if you want to limit the user to authenticate only from a particular workstation. |
string |
Not Specified |
|||||||||||||
auth-concurrent-override |
Enable/disable overriding the policy-auth-concurrent under config system global. |
option |
- |
|||||||||||||
|
|
|||||||||||||||
auth-concurrent-value |
Maximum number of concurrent logins permitted from the same user. |
integer |
Minimum value: 0 Maximum value: 100 |
|||||||||||||
ppk-secret |
IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x). |
password-3 |
Not Specified |
|||||||||||||
ppk-identity |
IKEv2 Postquantum Preshared Key Identity. |
string |
Not Specified |
|||||||||||||
username-sensitivity |
Enable/disable case and accent sensitivity when performing username matching (accents are stripped and case is ignored when disabled). |
option |
- |
|||||||||||||
|
|