config user local
Configure local users.
config user local Description: Configure local users. edit <name> set auth-concurrent-override [enable|disable] set auth-concurrent-value {integer} set authtimeout {integer} set email-to {string} set fortitoken {string} set id {integer} set ldap-server {string} set passwd {password} set passwd-policy {string} set passwd-time {user} set ppk-identity {string} set ppk-secret {password-3} set radius-server {string} set sms-custom-server {string} set sms-phone {string} set sms-server [fortiguard|custom] set status [enable|disable] set tacacs+-server {string} set two-factor [disable|fortitoken|...] set two-factor-authentication [fortitoken|email|...] set two-factor-notification [email|sms] set type [password|radius|...] set username-sensitivity [disable|enable] set workstation {string} next end
config user local
Parameter |
Description |
Type |
Size |
Default |
||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
auth-concurrent-override |
Enable/disable overriding the policy-auth-concurrent under config system global. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
auth-concurrent-value |
Maximum number of concurrent logins permitted from the same user. |
integer |
Minimum value: 0 Maximum value: 100 |
0 |
||||||||||||
authtimeout |
Time in minutes before the authentication timeout for a user is reached. |
integer |
Minimum value: 0 Maximum value: 1440 |
0 |
||||||||||||
email-to |
Two-factor recipient's email address. |
string |
Maximum length: 63 |
|
||||||||||||
fortitoken |
Two-factor recipient's FortiToken serial number. |
string |
Maximum length: 16 |
|
||||||||||||
id |
User ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||
ldap-server |
Name of LDAP server with which the user must authenticate. |
string |
Maximum length: 35 |
|
||||||||||||
name |
Local user name. |
string |
Maximum length: 64 |
|
||||||||||||
passwd |
User's password. |
password |
Not Specified |
|
||||||||||||
passwd-policy |
Password policy to apply to this user, as defined in config user password-policy. |
string |
Maximum length: 35 |
|
||||||||||||
passwd-time |
Time of the last password update. |
user |
Not Specified |
|
||||||||||||
ppk-identity |
IKEv2 Postquantum Preshared Key Identity. |
string |
Maximum length: 35 |
|
||||||||||||
ppk-secret |
IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x). |
password-3 |
Not Specified |
|
||||||||||||
radius-server |
Name of RADIUS server with which the user must authenticate. |
string |
Maximum length: 35 |
|
||||||||||||
sms-custom-server |
Two-factor recipient's SMS server. |
string |
Maximum length: 35 |
|
||||||||||||
sms-phone |
Two-factor recipient's mobile phone number. |
string |
Maximum length: 15 |
|
||||||||||||
sms-server |
Send SMS through FortiGuard or other external server. |
option |
- |
fortiguard |
||||||||||||
|
|
|||||||||||||||
status |
Enable/disable allowing the local user to authenticate with the FortiGate unit. |
option |
- |
enable |
||||||||||||
|
|
|||||||||||||||
tacacs+-server |
Name of TACACS+ server with which the user must authenticate. |
string |
Maximum length: 35 |
|
||||||||||||
two-factor |
Enable/disable two-factor authentication. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
two-factor-authentication |
Authentication method by FortiToken Cloud. |
option |
- |
|
||||||||||||
|
|
|||||||||||||||
two-factor-notification |
Notification method for user activation by FortiToken Cloud. |
option |
- |
|
||||||||||||
|
|
|||||||||||||||
type |
Authentication method. |
option |
- |
password |
||||||||||||
|
|
|||||||||||||||
username-sensitivity |
Enable/disable case and accent sensitivity when performing username matching (accents are stripped and case is ignored when disabled). |
option |
- |
enable |
||||||||||||
|
|
|||||||||||||||
workstation |
Name of the remote user workstation, if you want to limit the user to authenticate only from a particular workstation. |
string |
Maximum length: 35 |
|