W3cubDocs

/Ansible

fortinet.fortimanager.fmgr_user_radius – Configure RADIUS server entries.

Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.3).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_user_radius.

New in version 2.10: of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device.
  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter Choices/Defaults Comments
adom
string / required
the parameter (adom) in requested url
bypass_validation
boolean
    Choices:
  • no
  • yes
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
enable_log
boolean
    Choices:
  • no
  • yes
Enable/Disable logging for task
proposed_method
string
    Choices:
  • update
  • set
  • add
The overridden method for the underlying Json RPC request
rc_failed
list / elements=string
the rc codes list with which the conditions to fail will be overriden
rc_succeeded
list / elements=string
the rc codes list with which the conditions to succeed will be overriden
state
string / required
    Choices:
  • present
  • absent
the directive to create, update or delete an object
user_radius
dictionary
the top level parameters set
accounting-server
list / elements=string
no description
id
integer
ID (0 - 4294967295).
interface
string
Specify outgoing interface to reach server.
interface-select-method
string
    Choices:
  • auto
  • sdwan
  • specify
Specify how to select outgoing interface to reach server.
port
integer
RADIUS accounting port number.
secret
string
no description
server
string
{<name_str|ip_str>} Server CN domain name or IP.
source-ip
string
Source IP address for communications to the RADIUS server.
status
string
    Choices:
  • disable
  • enable
Status.
acct-all-servers
string
    Choices:
  • disable
  • enable
Enable/disable sending of accounting messages to all configured servers (default = disable).
acct-interim-interval
integer
Time in seconds between each accounting interim update message.
all-usergroup
string
    Choices:
  • disable
  • enable
Enable/disable automatically including this RADIUS server in all user groups.
auth-type
string
    Choices:
  • pap
  • chap
  • ms_chap
  • ms_chap_v2
  • auto
Authentication methods/protocols permitted for this RADIUS server.
class
string
no description
dynamic_mapping
list / elements=string
no description
_scope
list / elements=string
no description
name
string
no description
vdom
string
no description
accounting-server
list / elements=string
no description
id
integer
no description
interface
string
no description
interface-select-method
string
    Choices:
  • auto
  • sdwan
  • specify
no description
port
integer
no description
secret
string
no description
server
string
no description
source-ip
string
no description
status
string
    Choices:
  • disable
  • enable
no description
acct-all-servers
string
    Choices:
  • disable
  • enable
no description
acct-interim-interval
integer
no description
all-usergroup
string
    Choices:
  • disable
  • enable
no description
auth-type
string
    Choices:
  • pap
  • chap
  • ms_chap
  • ms_chap_v2
  • auto
no description
class
string
no description
dp-carrier-endpoint-attribute
string
    Choices:
  • User-Name
  • User-Password
  • CHAP-Password
  • NAS-IP-Address
  • NAS-Port
  • Service-Type
  • Framed-Protocol
  • Framed-IP-Address
  • Framed-IP-Netmask
  • Framed-Routing
  • Filter-Id
  • Framed-MTU
  • Framed-Compression
  • Login-IP-Host
  • Login-Service
  • Login-TCP-Port
  • Reply-Message
  • Callback-Number
  • Callback-Id
  • Framed-Route
  • Framed-IPX-Network
  • State
  • Class
  • Vendor-Specific
  • Session-Timeout
  • Idle-Timeout
  • Termination-Action
  • Called-Station-Id
  • Calling-Station-Id
  • NAS-Identifier
  • Proxy-State
  • Login-LAT-Service
  • Login-LAT-Node
  • Login-LAT-Group
  • Framed-AppleTalk-Link
  • Framed-AppleTalk-Network
  • Framed-AppleTalk-Zone
  • Acct-Status-Type
  • Acct-Delay-Time
  • Acct-Input-Octets
  • Acct-Output-Octets
  • Acct-Session-Id
  • Acct-Authentic
  • Acct-Session-Time
  • Acct-Input-Packets
  • Acct-Output-Packets
  • Acct-Terminate-Cause
  • Acct-Multi-Session-Id
  • Acct-Link-Count
  • CHAP-Challenge
  • NAS-Port-Type
  • Port-Limit
  • Login-LAT-Port
no description
dp-carrier-endpoint-block-attribute
string
    Choices:
  • User-Name
  • User-Password
  • CHAP-Password
  • NAS-IP-Address
  • NAS-Port
  • Service-Type
  • Framed-Protocol
  • Framed-IP-Address
  • Framed-IP-Netmask
  • Framed-Routing
  • Filter-Id
  • Framed-MTU
  • Framed-Compression
  • Login-IP-Host
  • Login-Service
  • Login-TCP-Port
  • Reply-Message
  • Callback-Number
  • Callback-Id
  • Framed-Route
  • Framed-IPX-Network
  • State
  • Class
  • Vendor-Specific
  • Session-Timeout
  • Idle-Timeout
  • Termination-Action
  • Called-Station-Id
  • Calling-Station-Id
  • NAS-Identifier
  • Proxy-State
  • Login-LAT-Service
  • Login-LAT-Node
  • Login-LAT-Group
  • Framed-AppleTalk-Link
  • Framed-AppleTalk-Network
  • Framed-AppleTalk-Zone
  • Acct-Status-Type
  • Acct-Delay-Time
  • Acct-Input-Octets
  • Acct-Output-Octets
  • Acct-Session-Id
  • Acct-Authentic
  • Acct-Session-Time
  • Acct-Input-Packets
  • Acct-Output-Packets
  • Acct-Terminate-Cause
  • Acct-Multi-Session-Id
  • Acct-Link-Count
  • CHAP-Challenge
  • NAS-Port-Type
  • Port-Limit
  • Login-LAT-Port
no description
dp-context-timeout
integer
no description
dp-flush-ip-session
string
    Choices:
  • disable
  • enable
no description
dp-hold-time
integer
no description
dp-http-header
string
no description
dp-http-header-fallback
string
    Choices:
  • ip-header-address
  • default-profile
no description
dp-http-header-status
string
    Choices:
  • disable
  • enable
no description
dp-http-header-suppress
string
    Choices:
  • disable
  • enable
no description
dp-log-dyn_flags
list / elements=string
    Choices:
  • none
  • protocol-error
  • profile-missing
  • context-missing
  • accounting-stop-missed
  • accounting-event
  • radiusd-other
  • endpoint-block
no description
dp-log-period
integer
no description
dp-mem-percent
integer
no description
dp-profile-attribute
string
    Choices:
  • User-Name
  • User-Password
  • CHAP-Password
  • NAS-IP-Address
  • NAS-Port
  • Service-Type
  • Framed-Protocol
  • Framed-IP-Address
  • Framed-IP-Netmask
  • Framed-Routing
  • Filter-Id
  • Framed-MTU
  • Framed-Compression
  • Login-IP-Host
  • Login-Service
  • Login-TCP-Port
  • Reply-Message
  • Callback-Number
  • Callback-Id
  • Framed-Route
  • Framed-IPX-Network
  • State
  • Class
  • Vendor-Specific
  • Session-Timeout
  • Idle-Timeout
  • Termination-Action
  • Called-Station-Id
  • Calling-Station-Id
  • NAS-Identifier
  • Proxy-State
  • Login-LAT-Service
  • Login-LAT-Node
  • Login-LAT-Group
  • Framed-AppleTalk-Link
  • Framed-AppleTalk-Network
  • Framed-AppleTalk-Zone
  • Acct-Status-Type
  • Acct-Delay-Time
  • Acct-Input-Octets
  • Acct-Output-Octets
  • Acct-Session-Id
  • Acct-Authentic
  • Acct-Session-Time
  • Acct-Input-Packets
  • Acct-Output-Packets
  • Acct-Terminate-Cause
  • Acct-Multi-Session-Id
  • Acct-Link-Count
  • CHAP-Challenge
  • NAS-Port-Type
  • Port-Limit
  • Login-LAT-Port
no description
dp-profile-attribute-key
string
no description
dp-radius-response
string
    Choices:
  • disable
  • enable
no description
dp-radius-server-port
integer
no description
dp-secret
string
no description
dp-validate-request-secret
string
    Choices:
  • disable
  • enable
no description
dynamic-profile
string
    Choices:
  • disable
  • enable
no description
endpoint-translation
string
    Choices:
  • disable
  • enable
no description
ep-carrier-endpoint-convert-hex
string
    Choices:
  • disable
  • enable
no description
ep-carrier-endpoint-header
string
no description
ep-carrier-endpoint-header-suppress
string
    Choices:
  • disable
  • enable
no description
ep-carrier-endpoint-prefix
string
    Choices:
  • disable
  • enable
no description
ep-carrier-endpoint-prefix-range-max
integer
no description
ep-carrier-endpoint-prefix-range-min
integer
no description
ep-carrier-endpoint-prefix-string
string
no description
ep-carrier-endpoint-source
string
    Choices:
  • http-header
  • cookie
no description
ep-ip-header
string
no description
ep-ip-header-suppress
string
    Choices:
  • disable
  • enable
no description
ep-missing-header-fallback
string
    Choices:
  • session-ip
  • policy-profile
no description
ep-profile-query-type
string
    Choices:
  • session-ip
  • extract-ip
  • extract-carrier-endpoint
no description
group-override-attr-type
string
    Choices:
  • filter-Id
  • class
no description
h3c-compatibility
string
    Choices:
  • disable
  • enable
no description
interface
string
no description
interface-select-method
string
    Choices:
  • auto
  • sdwan
  • specify
no description
nas-ip
string
no description
password-encoding
string
    Choices:
  • ISO-8859-1
  • auto
no description
password-renewal
string
    Choices:
  • disable
  • enable
no description
radius-coa
string
    Choices:
  • disable
  • enable
no description
radius-port
integer
no description
rsso
string
    Choices:
  • disable
  • enable
no description
rsso-context-timeout
integer
no description
rsso-endpoint-attribute
string
    Choices:
  • User-Name
  • User-Password
  • CHAP-Password
  • NAS-IP-Address
  • NAS-Port
  • Service-Type
  • Framed-Protocol
  • Framed-IP-Address
  • Framed-IP-Netmask
  • Framed-Routing
  • Filter-Id
  • Framed-MTU
  • Framed-Compression
  • Login-IP-Host
  • Login-Service
  • Login-TCP-Port
  • Reply-Message
  • Callback-Number
  • Callback-Id
  • Framed-Route
  • Framed-IPX-Network
  • State
  • Class
  • Session-Timeout
  • Idle-Timeout
  • Termination-Action
  • Called-Station-Id
  • Calling-Station-Id
  • NAS-Identifier
  • Proxy-State
  • Login-LAT-Service
  • Login-LAT-Node
  • Login-LAT-Group
  • Framed-AppleTalk-Link
  • Framed-AppleTalk-Network
  • Framed-AppleTalk-Zone
  • Acct-Status-Type
  • Acct-Delay-Time
  • Acct-Input-Octets
  • Acct-Output-Octets
  • Acct-Session-Id
  • Acct-Authentic
  • Acct-Session-Time
  • Acct-Input-Packets
  • Acct-Output-Packets
  • Acct-Terminate-Cause
  • Acct-Multi-Session-Id
  • Acct-Link-Count
  • CHAP-Challenge
  • NAS-Port-Type
  • Port-Limit
  • Login-LAT-Port
no description
rsso-endpoint-block-attribute
string
    Choices:
  • User-Name
  • User-Password
  • CHAP-Password
  • NAS-IP-Address
  • NAS-Port
  • Service-Type
  • Framed-Protocol
  • Framed-IP-Address
  • Framed-IP-Netmask
  • Framed-Routing
  • Filter-Id
  • Framed-MTU
  • Framed-Compression
  • Login-IP-Host
  • Login-Service
  • Login-TCP-Port
  • Reply-Message
  • Callback-Number
  • Callback-Id
  • Framed-Route
  • Framed-IPX-Network
  • State
  • Class
  • Session-Timeout
  • Idle-Timeout
  • Termination-Action
  • Called-Station-Id
  • Calling-Station-Id
  • NAS-Identifier
  • Proxy-State
  • Login-LAT-Service
  • Login-LAT-Node
  • Login-LAT-Group
  • Framed-AppleTalk-Link
  • Framed-AppleTalk-Network
  • Framed-AppleTalk-Zone
  • Acct-Status-Type
  • Acct-Delay-Time
  • Acct-Input-Octets
  • Acct-Output-Octets
  • Acct-Session-Id
  • Acct-Authentic
  • Acct-Session-Time
  • Acct-Input-Packets
  • Acct-Output-Packets
  • Acct-Terminate-Cause
  • Acct-Multi-Session-Id
  • Acct-Link-Count
  • CHAP-Challenge
  • NAS-Port-Type
  • Port-Limit
  • Login-LAT-Port
no description
rsso-ep-one-ip-only
string
    Choices:
  • disable
  • enable
no description
rsso-flush-ip-session
string
    Choices:
  • disable
  • enable
no description
rsso-log-flags
list / elements=string
    Choices:
  • none
  • protocol-error
  • profile-missing
  • context-missing
  • accounting-stop-missed
  • accounting-event
  • radiusd-other
  • endpoint-block
no description
rsso-log-period
integer
no description
rsso-radius-response
string
    Choices:
  • disable
  • enable
no description
rsso-radius-server-port
integer
no description
rsso-secret
string
no description
rsso-validate-request-secret
string
    Choices:
  • disable
  • enable
no description
secondary-secret
string
no description
secondary-server
string
no description
secret
string
no description
server
string
no description
source-ip
string
no description
sso-attribute
string
    Choices:
  • User-Name
  • User-Password
  • CHAP-Password
  • NAS-IP-Address
  • NAS-Port
  • Service-Type
  • Framed-Protocol
  • Framed-IP-Address
  • Framed-IP-Netmask
  • Framed-Routing
  • Filter-Id
  • Framed-MTU
  • Framed-Compression
  • Login-IP-Host
  • Login-Service
  • Login-TCP-Port
  • Reply-Message
  • Callback-Number
  • Callback-Id
  • Framed-Route
  • Framed-IPX-Network
  • State
  • Class
  • Session-Timeout
  • Idle-Timeout
  • Termination-Action
  • Called-Station-Id
  • Calling-Station-Id
  • NAS-Identifier
  • Proxy-State
  • Login-LAT-Service
  • Login-LAT-Node
  • Login-LAT-Group
  • Framed-AppleTalk-Link
  • Framed-AppleTalk-Network
  • Framed-AppleTalk-Zone
  • Acct-Status-Type
  • Acct-Delay-Time
  • Acct-Input-Octets
  • Acct-Output-Octets
  • Acct-Session-Id
  • Acct-Authentic
  • Acct-Session-Time
  • Acct-Input-Packets
  • Acct-Output-Packets
  • Acct-Terminate-Cause
  • Acct-Multi-Session-Id
  • Acct-Link-Count
  • CHAP-Challenge
  • NAS-Port-Type
  • Port-Limit
  • Login-LAT-Port
no description
sso-attribute-key
string
no description
sso-attribute-value-override
string
    Choices:
  • disable
  • enable
no description
switch-controller-acct-fast-framedip-detect
integer
no description
switch-controller-service-type
list / elements=string
    Choices:
  • login
  • framed
  • callback-login
  • callback-framed
  • outbound
  • administrative
  • nas-prompt
  • authenticate-only
  • callback-nas-prompt
  • call-check
  • callback-administrative
no description
tertiary-secret
string
no description
tertiary-server
string
no description
timeout
integer
no description
use-group-for-profile
string
    Choices:
  • disable
  • enable
no description
use-management-vdom
string
    Choices:
  • disable
  • enable
no description
username-case-sensitive
string
    Choices:
  • disable
  • enable
no description
group-override-attr-type
string
    Choices:
  • filter-Id
  • class
RADIUS attribute type to override user group information.
h3c-compatibility
string
    Choices:
  • disable
  • enable
Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication.
interface
string
Specify outgoing interface to reach server.
interface-select-method
string
    Choices:
  • auto
  • sdwan
  • specify
Specify how to select outgoing interface to reach server.
name
string
RADIUS server entry name.
nas-ip
string
IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
password-encoding
string
    Choices:
  • ISO-8859-1
  • auto
Password encoding.
password-renewal
string
    Choices:
  • disable
  • enable
Enable/disable password renewal.
radius-coa
string
    Choices:
  • disable
  • enable
Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is a...
radius-port
integer
RADIUS service port number.
rsso
string
    Choices:
  • disable
  • enable
Enable/disable RADIUS based single sign on feature.
rsso-context-timeout
integer
Time in seconds before the logged out user is removed from the "user context list" of logged on users.
rsso-endpoint-attribute
string
    Choices:
  • User-Name
  • User-Password
  • CHAP-Password
  • NAS-IP-Address
  • NAS-Port
  • Service-Type
  • Framed-Protocol
  • Framed-IP-Address
  • Framed-IP-Netmask
  • Framed-Routing
  • Filter-Id
  • Framed-MTU
  • Framed-Compression
  • Login-IP-Host
  • Login-Service
  • Login-TCP-Port
  • Reply-Message
  • Callback-Number
  • Callback-Id
  • Framed-Route
  • Framed-IPX-Network
  • State
  • Class
  • Session-Timeout
  • Idle-Timeout
  • Termination-Action
  • Called-Station-Id
  • Calling-Station-Id
  • NAS-Identifier
  • Proxy-State
  • Login-LAT-Service
  • Login-LAT-Node
  • Login-LAT-Group
  • Framed-AppleTalk-Link
  • Framed-AppleTalk-Network
  • Framed-AppleTalk-Zone
  • Acct-Status-Type
  • Acct-Delay-Time
  • Acct-Input-Octets
  • Acct-Output-Octets
  • Acct-Session-Id
  • Acct-Authentic
  • Acct-Session-Time
  • Acct-Input-Packets
  • Acct-Output-Packets
  • Acct-Terminate-Cause
  • Acct-Multi-Session-Id
  • Acct-Link-Count
  • CHAP-Challenge
  • NAS-Port-Type
  • Port-Limit
  • Login-LAT-Port
RADIUS attributes used to extract the user end point identifer from the RADIUS Start record.
rsso-endpoint-block-attribute
string
    Choices:
  • User-Name
  • User-Password
  • CHAP-Password
  • NAS-IP-Address
  • NAS-Port
  • Service-Type
  • Framed-Protocol
  • Framed-IP-Address
  • Framed-IP-Netmask
  • Framed-Routing
  • Filter-Id
  • Framed-MTU
  • Framed-Compression
  • Login-IP-Host
  • Login-Service
  • Login-TCP-Port
  • Reply-Message
  • Callback-Number
  • Callback-Id
  • Framed-Route
  • Framed-IPX-Network
  • State
  • Class
  • Session-Timeout
  • Idle-Timeout
  • Termination-Action
  • Called-Station-Id
  • Calling-Station-Id
  • NAS-Identifier
  • Proxy-State
  • Login-LAT-Service
  • Login-LAT-Node
  • Login-LAT-Group
  • Framed-AppleTalk-Link
  • Framed-AppleTalk-Network
  • Framed-AppleTalk-Zone
  • Acct-Status-Type
  • Acct-Delay-Time
  • Acct-Input-Octets
  • Acct-Output-Octets
  • Acct-Session-Id
  • Acct-Authentic
  • Acct-Session-Time
  • Acct-Input-Packets
  • Acct-Output-Packets
  • Acct-Terminate-Cause
  • Acct-Multi-Session-Id
  • Acct-Link-Count
  • CHAP-Challenge
  • NAS-Port-Type
  • Port-Limit
  • Login-LAT-Port
RADIUS attributes used to block a user.
rsso-ep-one-ip-only
string
    Choices:
  • disable
  • enable
Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages.
rsso-flush-ip-session
string
    Choices:
  • disable
  • enable
Enable/disable flushing user IP sessions on RADIUS accounting Stop messages.
rsso-log-flags
list / elements=string
    Choices:
  • none
  • protocol-error
  • profile-missing
  • context-missing
  • accounting-stop-missed
  • accounting-event
  • radiusd-other
  • endpoint-block
no description
rsso-log-period
integer
Time interval in seconds that group event log messages will be generated for dynamic profile events.
rsso-radius-response
string
    Choices:
  • disable
  • enable
Enable/disable sending RADIUS response packets after receiving Start and Stop records.
rsso-radius-server-port
integer
UDP port to listen on for RADIUS Start and Stop records.
rsso-secret
string
no description
rsso-validate-request-secret
string
    Choices:
  • disable
  • enable
Enable/disable validating the RADIUS request shared secret in the Start or End record.
secondary-secret
string
no description
secondary-server
string
{<name_str|ip_str>} secondary RADIUS CN domain name or IP.
secret
string
no description
server
string
Primary RADIUS server CN domain name or IP address.
source-ip
string
Source IP address for communications to the RADIUS server.
sso-attribute
string
    Choices:
  • User-Name
  • User-Password
  • CHAP-Password
  • NAS-IP-Address
  • NAS-Port
  • Service-Type
  • Framed-Protocol
  • Framed-IP-Address
  • Framed-IP-Netmask
  • Framed-Routing
  • Filter-Id
  • Framed-MTU
  • Framed-Compression
  • Login-IP-Host
  • Login-Service
  • Login-TCP-Port
  • Reply-Message
  • Callback-Number
  • Callback-Id
  • Framed-Route
  • Framed-IPX-Network
  • State
  • Class
  • Session-Timeout
  • Idle-Timeout
  • Termination-Action
  • Called-Station-Id
  • Calling-Station-Id
  • NAS-Identifier
  • Proxy-State
  • Login-LAT-Service
  • Login-LAT-Node
  • Login-LAT-Group
  • Framed-AppleTalk-Link
  • Framed-AppleTalk-Network
  • Framed-AppleTalk-Zone
  • Acct-Status-Type
  • Acct-Delay-Time
  • Acct-Input-Octets
  • Acct-Output-Octets
  • Acct-Session-Id
  • Acct-Authentic
  • Acct-Session-Time
  • Acct-Input-Packets
  • Acct-Output-Packets
  • Acct-Terminate-Cause
  • Acct-Multi-Session-Id
  • Acct-Link-Count
  • CHAP-Challenge
  • NAS-Port-Type
  • Port-Limit
  • Login-LAT-Port
RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record.
sso-attribute-key
string
Key prefix for SSO group value in the SSO attribute.
sso-attribute-value-override
string
    Choices:
  • disable
  • enable
Enable/disable override old attribute value with new value for the same endpoint.
switch-controller-acct-fast-framedip-detect
integer
Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
switch-controller-service-type
list / elements=string
    Choices:
  • login
  • framed
  • callback-login
  • callback-framed
  • outbound
  • administrative
  • nas-prompt
  • authenticate-only
  • callback-nas-prompt
  • call-check
  • callback-administrative
no description
tertiary-secret
string
no description
tertiary-server
string
{<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
timeout
integer
Time in seconds between re-sending authentication requests.
use-management-vdom
string
    Choices:
  • disable
  • enable
Enable/disable using management VDOM to send requests.
username-case-sensitive
string
    Choices:
  • disable
  • enable
Enable/disable case sensitive user names.
workspace_locking_adom
string
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout
integer
Default:
300
the maximum time in seconds to wait for other user to release the workspace lock

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
  • To create or update an object, use state present directive.
  • To delete an object, use state absent directive.
  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Configure RADIUS server entries.
     fmgr_user_radius:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        state: <value in [present, absent]>
        user_radius:
           accounting-server:
             -
                 id: <value of integer>
                 port: <value of integer>
                 secret: <value of string>
                 server: <value of string>
                 source-ip: <value of string>
                 status: <value in [disable, enable]>
                 interface: <value of string>
                 interface-select-method: <value in [auto, sdwan, specify]>
           acct-all-servers: <value in [disable, enable]>
           acct-interim-interval: <value of integer>
           all-usergroup: <value in [disable, enable]>
           auth-type: <value in [pap, chap, ms_chap, ...]>
           class: <value of string>
           dynamic_mapping:
             -
                 _scope:
                   -
                       name: <value of string>
                       vdom: <value of string>
                 acct-all-servers: <value in [disable, enable]>
                 acct-interim-interval: <value of integer>
                 all-usergroup: <value in [disable, enable]>
                 auth-type: <value in [pap, chap, ms_chap, ...]>
                 class: <value of string>
                 dp-carrier-endpoint-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
                 dp-carrier-endpoint-block-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
                 dp-context-timeout: <value of integer>
                 dp-flush-ip-session: <value in [disable, enable]>
                 dp-hold-time: <value of integer>
                 dp-http-header: <value of string>
                 dp-http-header-fallback: <value in [ip-header-address, default-profile]>
                 dp-http-header-status: <value in [disable, enable]>
                 dp-http-header-suppress: <value in [disable, enable]>
                 dp-log-dyn_flags:
                   - none
                   - protocol-error
                   - profile-missing
                   - context-missing
                   - accounting-stop-missed
                   - accounting-event
                   - radiusd-other
                   - endpoint-block
                 dp-log-period: <value of integer>
                 dp-mem-percent: <value of integer>
                 dp-profile-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
                 dp-profile-attribute-key: <value of string>
                 dp-radius-response: <value in [disable, enable]>
                 dp-radius-server-port: <value of integer>
                 dp-secret: <value of string>
                 dp-validate-request-secret: <value in [disable, enable]>
                 dynamic-profile: <value in [disable, enable]>
                 endpoint-translation: <value in [disable, enable]>
                 ep-carrier-endpoint-convert-hex: <value in [disable, enable]>
                 ep-carrier-endpoint-header: <value of string>
                 ep-carrier-endpoint-header-suppress: <value in [disable, enable]>
                 ep-carrier-endpoint-prefix: <value in [disable, enable]>
                 ep-carrier-endpoint-prefix-range-max: <value of integer>
                 ep-carrier-endpoint-prefix-range-min: <value of integer>
                 ep-carrier-endpoint-prefix-string: <value of string>
                 ep-carrier-endpoint-source: <value in [http-header, cookie]>
                 ep-ip-header: <value of string>
                 ep-ip-header-suppress: <value in [disable, enable]>
                 ep-missing-header-fallback: <value in [session-ip, policy-profile]>
                 ep-profile-query-type: <value in [session-ip, extract-ip, extract-carrier-endpoint]>
                 h3c-compatibility: <value in [disable, enable]>
                 nas-ip: <value of string>
                 password-encoding: <value in [ISO-8859-1, auto]>
                 password-renewal: <value in [disable, enable]>
                 radius-coa: <value in [disable, enable]>
                 radius-port: <value of integer>
                 rsso: <value in [disable, enable]>
                 rsso-context-timeout: <value of integer>
                 rsso-endpoint-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
                 rsso-endpoint-block-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
                 rsso-ep-one-ip-only: <value in [disable, enable]>
                 rsso-flush-ip-session: <value in [disable, enable]>
                 rsso-log-flags:
                   - none
                   - protocol-error
                   - profile-missing
                   - context-missing
                   - accounting-stop-missed
                   - accounting-event
                   - radiusd-other
                   - endpoint-block
                 rsso-log-period: <value of integer>
                 rsso-radius-response: <value in [disable, enable]>
                 rsso-radius-server-port: <value of integer>
                 rsso-secret: <value of string>
                 rsso-validate-request-secret: <value in [disable, enable]>
                 secondary-secret: <value of string>
                 secondary-server: <value of string>
                 secret: <value of string>
                 server: <value of string>
                 source-ip: <value of string>
                 sso-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
                 sso-attribute-key: <value of string>
                 sso-attribute-value-override: <value in [disable, enable]>
                 tertiary-secret: <value of string>
                 tertiary-server: <value of string>
                 timeout: <value of integer>
                 use-group-for-profile: <value in [disable, enable]>
                 use-management-vdom: <value in [disable, enable]>
                 username-case-sensitive: <value in [disable, enable]>
                 interface: <value of string>
                 interface-select-method: <value in [auto, sdwan, specify]>
                 group-override-attr-type: <value in [filter-Id, class]>
                 switch-controller-acct-fast-framedip-detect: <value of integer>
                 accounting-server:
                   -
                       id: <value of integer>
                       interface: <value of string>
                       interface-select-method: <value in [auto, sdwan, specify]>
                       port: <value of integer>
                       secret: <value of string>
                       server: <value of string>
                       source-ip: <value of string>
                       status: <value in [disable, enable]>
                 switch-controller-service-type:
                   - login
                   - framed
                   - callback-login
                   - callback-framed
                   - outbound
                   - administrative
                   - nas-prompt
                   - authenticate-only
                   - callback-nas-prompt
                   - call-check
                   - callback-administrative
           h3c-compatibility: <value in [disable, enable]>
           name: <value of string>
           nas-ip: <value of string>
           password-encoding: <value in [ISO-8859-1, auto]>
           password-renewal: <value in [disable, enable]>
           radius-coa: <value in [disable, enable]>
           radius-port: <value of integer>
           rsso: <value in [disable, enable]>
           rsso-context-timeout: <value of integer>
           rsso-endpoint-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
           rsso-endpoint-block-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
           rsso-ep-one-ip-only: <value in [disable, enable]>
           rsso-flush-ip-session: <value in [disable, enable]>
           rsso-log-flags:
             - none
             - protocol-error
             - profile-missing
             - context-missing
             - accounting-stop-missed
             - accounting-event
             - radiusd-other
             - endpoint-block
           rsso-log-period: <value of integer>
           rsso-radius-response: <value in [disable, enable]>
           rsso-radius-server-port: <value of integer>
           rsso-secret: <value of string>
           rsso-validate-request-secret: <value in [disable, enable]>
           secondary-secret: <value of string>
           secondary-server: <value of string>
           secret: <value of string>
           server: <value of string>
           source-ip: <value of string>
           sso-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
           sso-attribute-key: <value of string>
           sso-attribute-value-override: <value in [disable, enable]>
           tertiary-secret: <value of string>
           tertiary-server: <value of string>
           timeout: <value of integer>
           use-management-vdom: <value in [disable, enable]>
           username-case-sensitive: <value in [disable, enable]>
           interface: <value of string>
           interface-select-method: <value in [auto, sdwan, specify]>
           group-override-attr-type: <value in [filter-Id, class]>
           switch-controller-acct-fast-framedip-detect: <value of integer>
           switch-controller-service-type:
             - login
             - framed
             - callback-login
             - callback-framed
             - outbound
             - administrative
             - nas-prompt
             - authenticate-only
             - callback-nas-prompt
             - call-check
             - callback-administrative

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
request_url
string
always
The full url requested

Sample:
/sys/login/user
response_code
integer
always
The status of api request

response_message
string
always
The descriptive message of the api response

Sample:
OK.


Authors

  • Link Zheng (@chillancezen)
  • Jie Xue (@JieX19)
  • Frank Shen (@fshen01)
  • Hongbin Lu (@fgtdev-hblu)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/fortinet/fortimanager/fmgr_user_radius_module.html