Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.3).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run `ansible-galaxy collection list`.

To install it, use: `ansible-galaxy collection install fortinet.fortimanager`.

To use it in a playbook, specify: `fortinet.fortimanager.fmgr_user_radius`.

New in version 2.10 of fortinet.fortimanager.

Nested parameters are listed with their full path (parent.child).

Parameter | Choices/Defaults | Comments |
---|---|---|
adom string / required | | the parameter (adom) in requested url |
bypass_validation boolean | | Only set to True when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters |
enable_log boolean | | Enable/Disable logging for task |
proposed_method string | | The overridden method for the underlying JSON RPC request |
rc_failed list / elements=string | | the rc codes list with which the conditions to fail will be overridden |
rc_succeeded list / elements=string | | the rc codes list with which the conditions to succeed will be overridden |
state string / required | | the directive to create, update or delete an object |
user_radius dictionary | | the top level parameters set |
user_radius.accounting-server list / elements=string | | no description |
user_radius.accounting-server.id integer | | ID (0 - 4294967295). |
user_radius.accounting-server.interface string | | Specify outgoing interface to reach server. |
user_radius.accounting-server.interface-select-method string | | Specify how to select outgoing interface to reach server. |
user_radius.accounting-server.port integer | | RADIUS accounting port number. |
user_radius.accounting-server.secret string | | no description |
user_radius.accounting-server.server string | | {<name_str\|ip_str>} Server CN domain name or IP. |
user_radius.accounting-server.source-ip string | | Source IP address for communications to the RADIUS server. |
user_radius.accounting-server.status string | | Status. |
user_radius.acct-all-servers string | | Enable/disable sending of accounting messages to all configured servers (default = disable). |
user_radius.acct-interim-interval integer | | Time in seconds between each accounting interim update message. |
user_radius.all-usergroup string | | Enable/disable automatically including this RADIUS server in all user groups. |
user_radius.auth-type string | | Authentication methods/protocols permitted for this RADIUS server. |
user_radius.class string | | no description |
user_radius.dynamic_mapping list / elements=string | | no description |
user_radius.dynamic_mapping._scope list / elements=string | | no description |
user_radius.dynamic_mapping._scope.name string | | no description |
user_radius.dynamic_mapping._scope.vdom string | | no description |
user_radius.dynamic_mapping.accounting-server list / elements=string | | no description |
user_radius.dynamic_mapping.accounting-server.id integer | | no description |
user_radius.dynamic_mapping.accounting-server.interface string | | no description |
user_radius.dynamic_mapping.accounting-server.interface-select-method string | | no description |
user_radius.dynamic_mapping.accounting-server.port integer | | no description |
user_radius.dynamic_mapping.accounting-server.secret string | | no description |
user_radius.dynamic_mapping.accounting-server.server string | | no description |
user_radius.dynamic_mapping.accounting-server.source-ip string | | no description |
user_radius.dynamic_mapping.accounting-server.status string | | no description |
user_radius.dynamic_mapping.acct-all-servers string | | no description |
user_radius.dynamic_mapping.acct-interim-interval integer | | no description |
user_radius.dynamic_mapping.all-usergroup string | | no description |
user_radius.dynamic_mapping.auth-type string | | no description |
user_radius.dynamic_mapping.class string | | no description |
user_radius.dynamic_mapping.dp-carrier-endpoint-attribute string | | no description |
user_radius.dynamic_mapping.dp-carrier-endpoint-block-attribute string | | no description |
user_radius.dynamic_mapping.dp-context-timeout integer | | no description |
user_radius.dynamic_mapping.dp-flush-ip-session string | | no description |
user_radius.dynamic_mapping.dp-hold-time integer | | no description |
user_radius.dynamic_mapping.dp-http-header string | | no description |
user_radius.dynamic_mapping.dp-http-header-fallback string | | no description |
user_radius.dynamic_mapping.dp-http-header-status string | | no description |
user_radius.dynamic_mapping.dp-http-header-suppress string | | no description |
user_radius.dynamic_mapping.dp-log-dyn_flags list / elements=string | | no description |
user_radius.dynamic_mapping.dp-log-period integer | | no description |
user_radius.dynamic_mapping.dp-mem-percent integer | | no description |
user_radius.dynamic_mapping.dp-profile-attribute string | | no description |
user_radius.dynamic_mapping.dp-profile-attribute-key string | | no description |
user_radius.dynamic_mapping.dp-radius-response string | | no description |
user_radius.dynamic_mapping.dp-radius-server-port integer | | no description |
user_radius.dynamic_mapping.dp-secret string | | no description |
user_radius.dynamic_mapping.dp-validate-request-secret string | | no description |
user_radius.dynamic_mapping.dynamic-profile string | | no description |
user_radius.dynamic_mapping.endpoint-translation string | | no description |
user_radius.dynamic_mapping.ep-carrier-endpoint-convert-hex string | | no description |
user_radius.dynamic_mapping.ep-carrier-endpoint-header string | | no description |
user_radius.dynamic_mapping.ep-carrier-endpoint-header-suppress string | | no description |
user_radius.dynamic_mapping.ep-carrier-endpoint-prefix string | | no description |
user_radius.dynamic_mapping.ep-carrier-endpoint-prefix-range-max integer | | no description |
user_radius.dynamic_mapping.ep-carrier-endpoint-prefix-range-min integer | | no description |
user_radius.dynamic_mapping.ep-carrier-endpoint-prefix-string string | | no description |
user_radius.dynamic_mapping.ep-carrier-endpoint-source string | | no description |
user_radius.dynamic_mapping.ep-ip-header string | | no description |
user_radius.dynamic_mapping.ep-ip-header-suppress string | | no description |
user_radius.dynamic_mapping.ep-missing-header-fallback string | | no description |
user_radius.dynamic_mapping.ep-profile-query-type string | | no description |
user_radius.dynamic_mapping.group-override-attr-type string | | no description |
user_radius.dynamic_mapping.h3c-compatibility string | | no description |
user_radius.dynamic_mapping.interface string | | no description |
user_radius.dynamic_mapping.interface-select-method string | | no description |
user_radius.dynamic_mapping.nas-ip string | | no description |
user_radius.dynamic_mapping.password-encoding string | | no description |
user_radius.dynamic_mapping.password-renewal string | | no description |
user_radius.dynamic_mapping.radius-coa string | | no description |
user_radius.dynamic_mapping.radius-port integer | | no description |
user_radius.dynamic_mapping.rsso string | | no description |
user_radius.dynamic_mapping.rsso-context-timeout integer | | no description |
user_radius.dynamic_mapping.rsso-endpoint-attribute string | | no description |
user_radius.dynamic_mapping.rsso-endpoint-block-attribute string | | no description |
user_radius.dynamic_mapping.rsso-ep-one-ip-only string | | no description |
user_radius.dynamic_mapping.rsso-flush-ip-session string | | no description |
user_radius.dynamic_mapping.rsso-log-flags list / elements=string | | no description |
user_radius.dynamic_mapping.rsso-log-period integer | | no description |
user_radius.dynamic_mapping.rsso-radius-response string | | no description |
user_radius.dynamic_mapping.rsso-radius-server-port integer | | no description |
user_radius.dynamic_mapping.rsso-secret string | | no description |
user_radius.dynamic_mapping.rsso-validate-request-secret string | | no description |
user_radius.dynamic_mapping.secondary-secret string | | no description |
user_radius.dynamic_mapping.secondary-server string | | no description |
user_radius.dynamic_mapping.secret string | | no description |
user_radius.dynamic_mapping.server string | | no description |
user_radius.dynamic_mapping.source-ip string | | no description |
user_radius.dynamic_mapping.sso-attribute string | | no description |
user_radius.dynamic_mapping.sso-attribute-key string | | no description |
user_radius.dynamic_mapping.sso-attribute-value-override string | | no description |
user_radius.dynamic_mapping.switch-controller-acct-fast-framedip-detect integer | | no description |
user_radius.dynamic_mapping.switch-controller-service-type list / elements=string | | no description |
user_radius.dynamic_mapping.tertiary-secret string | | no description |
user_radius.dynamic_mapping.tertiary-server string | | no description |
user_radius.dynamic_mapping.timeout integer | | no description |
user_radius.dynamic_mapping.use-group-for-profile string | | no description |
user_radius.dynamic_mapping.use-management-vdom string | | no description |
user_radius.dynamic_mapping.username-case-sensitive string | | no description |
user_radius.group-override-attr-type string | | RADIUS attribute type to override user group information. |
user_radius.h3c-compatibility string | | Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. |
user_radius.interface string | | Specify outgoing interface to reach server. |
user_radius.interface-select-method string | | Specify how to select outgoing interface to reach server. |
user_radius.name string | | RADIUS server entry name. |
user_radius.nas-ip string | | IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes. |
user_radius.password-encoding string | | Password encoding. |
user_radius.password-renewal string | | Enable/disable password renewal. |
user_radius.radius-coa string | | Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is a... |
user_radius.radius-port integer | | RADIUS service port number. |
user_radius.rsso string | | Enable/disable RADIUS based single sign on feature. |
user_radius.rsso-context-timeout integer | | Time in seconds before the logged out user is removed from the "user context list" of logged on users. |
user_radius.rsso-endpoint-attribute string | | RADIUS attributes used to extract the user end point identifier from the RADIUS Start record. |
user_radius.rsso-endpoint-block-attribute string | | RADIUS attributes used to block a user. |
user_radius.rsso-ep-one-ip-only string | | Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. |
user_radius.rsso-flush-ip-session string | | Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. |
user_radius.rsso-log-flags list / elements=string | | no description |
user_radius.rsso-log-period integer | | Time interval in seconds that group event log messages will be generated for dynamic profile events. |
user_radius.rsso-radius-response string | | Enable/disable sending RADIUS response packets after receiving Start and Stop records. |
user_radius.rsso-radius-server-port integer | | UDP port to listen on for RADIUS Start and Stop records. |
user_radius.rsso-secret string | | no description |
user_radius.rsso-validate-request-secret string | | Enable/disable validating the RADIUS request shared secret in the Start or End record. |
user_radius.secondary-secret string | | no description |
user_radius.secondary-server string | | {<name_str\|ip_str>} secondary RADIUS CN domain name or IP. |
user_radius.secret string | | no description |
user_radius.server string | | Primary RADIUS server CN domain name or IP address. |
user_radius.source-ip string | | Source IP address for communications to the RADIUS server. |
user_radius.sso-attribute string | | RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. |
user_radius.sso-attribute-key string | | Key prefix for SSO group value in the SSO attribute. |
user_radius.sso-attribute-value-override string | | Enable/disable override old attribute value with new value for the same endpoint. |
user_radius.switch-controller-acct-fast-framedip-detect integer | | Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2). |
user_radius.switch-controller-service-type list / elements=string | | no description |
user_radius.tertiary-secret string | | no description |
user_radius.tertiary-server string | | {<name_str\|ip_str>} tertiary RADIUS CN domain name or IP. |
user_radius.timeout integer | | Time in seconds between re-sending authentication requests. |
user_radius.use-management-vdom string | | Enable/disable using management VDOM to send requests. |
user_radius.username-case-sensitive string | | Enable/disable case sensitive user names. |
workspace_locking_adom string | | the adom to lock for FortiManager running in workspace mode; the value can be global and others including root |
workspace_locking_timeout integer | Default: 300 | the maximum time in seconds to wait for other user to release the workspace lock |

Note
```yaml
- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: True
    # Certificate validation is off in this template; set it to True once the
    # FortiManager certificate is trusted by the control node.
    ansible_httpapi_validate_certs: False
    ansible_httpapi_port: 443
  tasks:
    - name: Configure RADIUS server entries.
      fmgr_user_radius:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        state: <value in [present, absent]>
        user_radius:
          accounting-server:
            - id: <value of integer>
              port: <value of integer>
              # Shared secrets: supply them from an encrypted source such as
              # Ansible Vault rather than as plaintext in the playbook.
              secret: <value of string>
              server: <value of string>
              source-ip: <value of string>
              status: <value in [disable, enable]>
              interface: <value of string>
              interface-select-method: <value in [auto, sdwan, specify]>
          acct-all-servers: <value in [disable, enable]>
          acct-interim-interval: <value of integer>
          all-usergroup: <value in [disable, enable]>
          auth-type: <value in [pap, chap, ms_chap, ...]>
          class: <value of string>
          dynamic_mapping:
            - _scope:
                - name: <value of string>
                  vdom: <value of string>
              acct-all-servers: <value in [disable, enable]>
              acct-interim-interval: <value of integer>
              all-usergroup: <value in [disable, enable]>
              auth-type: <value in [pap, chap, ms_chap, ...]>
              class: <value of string>
              dp-carrier-endpoint-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
              dp-carrier-endpoint-block-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
              dp-context-timeout: <value of integer>
              dp-flush-ip-session: <value in [disable, enable]>
              dp-hold-time: <value of integer>
              dp-http-header: <value of string>
              dp-http-header-fallback: <value in [ip-header-address, default-profile]>
              dp-http-header-status: <value in [disable, enable]>
              dp-http-header-suppress: <value in [disable, enable]>
              dp-log-dyn_flags:
                - none
                - protocol-error
                - profile-missing
                - context-missing
                - accounting-stop-missed
                - accounting-event
                - radiusd-other
                - endpoint-block
              dp-log-period: <value of integer>
              dp-mem-percent: <value of integer>
              dp-profile-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
              dp-profile-attribute-key: <value of string>
              dp-radius-response: <value in [disable, enable]>
              dp-radius-server-port: <value of integer>
              dp-secret: <value of string>
              dp-validate-request-secret: <value in [disable, enable]>
              dynamic-profile: <value in [disable, enable]>
              endpoint-translation: <value in [disable, enable]>
              ep-carrier-endpoint-convert-hex: <value in [disable, enable]>
              ep-carrier-endpoint-header: <value of string>
              ep-carrier-endpoint-header-suppress: <value in [disable, enable]>
              ep-carrier-endpoint-prefix: <value in [disable, enable]>
              ep-carrier-endpoint-prefix-range-max: <value of integer>
              ep-carrier-endpoint-prefix-range-min: <value of integer>
              ep-carrier-endpoint-prefix-string: <value of string>
              ep-carrier-endpoint-source: <value in [http-header, cookie]>
              ep-ip-header: <value of string>
              ep-ip-header-suppress: <value in [disable, enable]>
              ep-missing-header-fallback: <value in [session-ip, policy-profile]>
              ep-profile-query-type: <value in [session-ip, extract-ip, extract-carrier-endpoint]>
              h3c-compatibility: <value in [disable, enable]>
              nas-ip: <value of string>
              password-encoding: <value in [ISO-8859-1, auto]>
              password-renewal: <value in [disable, enable]>
              radius-coa: <value in [disable, enable]>
              radius-port: <value of integer>
              rsso: <value in [disable, enable]>
              rsso-context-timeout: <value of integer>
              rsso-endpoint-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
              rsso-endpoint-block-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
              rsso-ep-one-ip-only: <value in [disable, enable]>
              rsso-flush-ip-session: <value in [disable, enable]>
              rsso-log-flags:
                - none
                - protocol-error
                - profile-missing
                - context-missing
                - accounting-stop-missed
                - accounting-event
                - radiusd-other
                - endpoint-block
              rsso-log-period: <value of integer>
              rsso-radius-response: <value in [disable, enable]>
              rsso-radius-server-port: <value of integer>
              rsso-secret: <value of string>
              rsso-validate-request-secret: <value in [disable, enable]>
              secondary-secret: <value of string>
              secondary-server: <value of string>
              secret: <value of string>
              server: <value of string>
              source-ip: <value of string>
              sso-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
              sso-attribute-key: <value of string>
              sso-attribute-value-override: <value in [disable, enable]>
              tertiary-secret: <value of string>
              tertiary-server: <value of string>
              timeout: <value of integer>
              use-group-for-profile: <value in [disable, enable]>
              use-management-vdom: <value in [disable, enable]>
              username-case-sensitive: <value in [disable, enable]>
              interface: <value of string>
              interface-select-method: <value in [auto, sdwan, specify]>
              group-override-attr-type: <value in [filter-Id, class]>
              switch-controller-acct-fast-framedip-detect: <value of integer>
              accounting-server:
                - id: <value of integer>
                  interface: <value of string>
                  interface-select-method: <value in [auto, sdwan, specify]>
                  port: <value of integer>
                  secret: <value of string>
                  server: <value of string>
                  source-ip: <value of string>
                  status: <value in [disable, enable]>
              switch-controller-service-type:
                - login
                - framed
                - callback-login
                - callback-framed
                - outbound
                - administrative
                - nas-prompt
                - authenticate-only
                - callback-nas-prompt
                - call-check
                - callback-administrative
          h3c-compatibility: <value in [disable, enable]>
          name: <value of string>
          nas-ip: <value of string>
          password-encoding: <value in [ISO-8859-1, auto]>
          password-renewal: <value in [disable, enable]>
          radius-coa: <value in [disable, enable]>
          radius-port: <value of integer>
          rsso: <value in [disable, enable]>
          rsso-context-timeout: <value of integer>
          rsso-endpoint-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
          rsso-endpoint-block-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
          rsso-ep-one-ip-only: <value in [disable, enable]>
          rsso-flush-ip-session: <value in [disable, enable]>
          rsso-log-flags:
            - none
            - protocol-error
            - profile-missing
            - context-missing
            - accounting-stop-missed
            - accounting-event
            - radiusd-other
            - endpoint-block
          rsso-log-period: <value of integer>
          rsso-radius-response: <value in [disable, enable]>
          rsso-radius-server-port: <value of integer>
          rsso-secret: <value of string>
          rsso-validate-request-secret: <value in [disable, enable]>
          secondary-secret: <value of string>
          secondary-server: <value of string>
          secret: <value of string>
          server: <value of string>
          source-ip: <value of string>
          sso-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
          sso-attribute-key: <value of string>
          sso-attribute-value-override: <value in [disable, enable]>
          tertiary-secret: <value of string>
          tertiary-server: <value of string>
          timeout: <value of integer>
          use-management-vdom: <value in [disable, enable]>
          username-case-sensitive: <value in [disable, enable]>
          interface: <value of string>
          interface-select-method: <value in [auto, sdwan, specify]>
          group-override-attr-type: <value in [filter-Id, class]>
          switch-controller-acct-fast-framedip-detect: <value of integer>
          switch-controller-service-type:
            - login
            - framed
            - callback-login
            - callback-framed
            - outbound
            - administrative
            - nas-prompt
            - authenticate-only
            - callback-nas-prompt
            - call-check
            - callback-administrative
```

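
A concrete variant of the task above with certificate validation turned on and the RADIUS shared secrets read from Ansible Vault, given as an added example that is not part of the module documentation. The ADOM `root`, the entry name, the host names, the port and timeout values, the vault file path and the `vault_radius_*` variable names are assumptions.

```yaml
# Added example: all concrete values and variable names below are assumptions.
- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    # Verify the FortiManager certificate instead of accepting any certificate.
    ansible_httpapi_validate_certs: true
    ansible_httpapi_port: 443
  vars_files:
    # Hypothetical file encrypted with ansible-vault; it defines the two
    # vault_radius_* variables used below.
    - vault/radius_secrets.yml
  tasks:
    - name: Configure a RADIUS server entry with vaulted shared secrets
      fmgr_user_radius:
        bypass_validation: false   # keep parameter validation against the module schema
        adom: root
        state: present
        user_radius:
          name: corp-radius
          server: radius1.example.internal
          secret: "{{ vault_radius_primary_secret }}"
          secondary-server: radius2.example.internal
          secondary-secret: "{{ vault_radius_secondary_secret }}"
          radius-port: 1812
          timeout: 5
      # Keep the task arguments, which carry the shared secrets, out of
      # Ansible's console output and logs.
      no_log: true
```

Run the play with `--ask-vault-pass` or a vault password file so the encrypted variables can be decrypted at run time.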
Common return values are documented here; the following are the fields unique to this module:

Key | Returned | Description |
---|---|---|
request_url string | always | The full URL requested. Sample: /sys/login/user |
response_code integer | always | The status of the API request. |
response_message string | always | The descriptive message of the API response. Sample: OK. |

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/fortinet/fortimanager/fmgr_user_radius_module.html