Adding a local administrator
Only administrators with read-write for Administrator Users can create a new administrator account.
1. Go to System > Administrators.
2. Select Create New.
3. Add a Name for the administrator.
The name of the administrator should not contain the characters <>()#"'. Using these characters in the administrator account name can result in a cross-site scripting (XSS) vulnerability.
4. Set Type to Local User.
5. Enter the password for the user. This may be a temporary password that the administrator can change later.
Passwords can be up to 256 characters in length. For more information on passwords, see Administrators on page 220.
6. Select OK.
To add an administrator – CLI
config system admin
    edit <admin_name>
        set password <password>
        set accprofile <profile_name>
end
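The two constraints this section places on a local administrator (no <>()#"' in the name, password of at most 256 characters) are easy to enforce before the account is created. The following helper is an added example, not part of the handbook: it validates a proposed name and password and, if they pass, renders the same config system admin block shown above. The profile name super_admin is FortiOS's built-in profile; the rejection of quotes, backslashes and whitespace in the password is an assumption of this helper (to keep the rendered CLI unambiguous), not a FortiOS rule.

```python
# Characters the handbook forbids in an administrator name (XSS risk in the GUI).
FORBIDDEN_NAME_CHARS = set('<>()#"\'')
MAX_PASSWORD_LEN = 256
# Assumption of this helper only: keep the rendered CLI line unambiguous.
UNSAFE_PASSWORD_CHARS = set('"\\ \t\r\n')


def validate_admin_name(name: str) -> list:
    """Return the problems found with a proposed administrator name ([] if acceptable)."""
    problems = []
    if not name:
        problems.append("name is empty")
    bad = "".join(sorted(FORBIDDEN_NAME_CHARS & set(name)))
    if bad:
        problems.append("name contains forbidden characters: " + bad)
    return problems


def validate_password(password: str) -> list:
    """Return the problems found with a proposed password ([] if acceptable)."""
    problems = []
    if not password:
        problems.append("password is empty")
    if len(password) > MAX_PASSWORD_LEN:
        problems.append(f"password longer than {MAX_PASSWORD_LEN} characters")
    if UNSAFE_PASSWORD_CHARS & set(password):
        problems.append("password contains quotes, backslashes or whitespace")
    return problems


def render_admin_cli(name: str, password: str, profile: str = "super_admin") -> str:
    """Render the 'config system admin' block for a local administrator.

    Raises ValueError listing every constraint the input violates, so nothing
    is rendered (and pasted into a device) for a name that would be unsafe.
    """
    problems = validate_admin_name(name) + validate_password(password)
    if problems:
        raise ValueError("; ".join(problems))
    return "\n".join([
        "config system admin",
        f'    edit "{name}"',
        f'        set password "{password}"',
        f'        set accprofile "{profile}"',
        "    next",
        "end",
    ])
```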
LDAP authentication for administrators
Administrators can use remote authentication, such as LDAP, to connect to the FortiGate. This requires three steps:
- configure the LDAP server
- add the LDAP server to a user group
- configure the administrator account
Configure the LDAP server
First set up the LDAP server as you normally would, and include a group to bind to.
To configure the LDAP server – GUI
1. Go to User & Device > LDAP Servers and select Create New.
2. Enter a Name for the server.
3. Enter the Server IP address or name.
4. Enter the Common Name Identifier and Distinguished Name.
5. Set the Bind Type to Regular and enter the User DN and Password.
6. Select OK.
To configure the LDAP server – CLI
config user ldap
    edit <ldap_server_name>
        set server <server_ip>
        set cnid cn
        set dn DC=XYZ,DC=COM
        set type regular
        set username CN=Administrator,CN=Users,DC=XYZ,DC=COM
        set password <password>
        set member-attr <group_binding>
end