Fortinet FortiGate Series Administration Guide

Use LDAP groups in firewall and SSL-VPN authentication What’s new in FortiOS Version 4.0 MR1
FortiGate Version 4.0 MR1 Administration Guide
76 01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
    set must-contain [lower-case-letter upper-case-letter non-alphanumeric number]
end
config system admin
    edit <name_str>
        set force-password-change {enable | disable}
        set password-expire YYYY-MM-DD HH:MM:SS
end
Use LDAP groups in firewall and SSL-VPN authentication
Membership in specific user groups on an LDAP server can be part of the authentication
requirements for firewall or SSL VPN users. This enables you to use the group
memberships on a Windows AD system to control user access to resources on the
FortiGate unit.
In the CLI, when you define a FortiGate user group, you can specify the required LDAP
server user group memberships using the new ldap-memberof keyword.
config user group
    edit <FGTgroupname>
        set group-type {sslvpn | firewall}
        set member <user1> [<user2>] [<usern>...]
        set ldap-memberof <LDAPgroupstring>
end
Password policy variables (Variable, Description, Default):

apply-to [admin-password ipsec-preshared-key]
    Description: Select where the policy applies: administrator passwords or IPSec preshared keys.
    Default: admin-password

change-4-characters {enable | disable}
    Description: Enable to require the new password to differ from the old password by at least four characters.
    Default: disable

expire <days>
    Description: Set time to expiry in days. Enter 0 for no expiry.
    Default: 0

minimum-length <chars>
    Description: Set the minimum length of password in characters. Range 8 to 32.
    Default: 8

must-contain [lower-case-letter upper-case-letter non-alphanumeric number]
    Description: Specify character types that must occur at least once in the password.
    Default: Null

status {enable | disable}
    Description: Enable password policy.
    Default: disable
config system admin variables (Variable, Description, Default):

edit <name_str>
    Description: Enter the name of the administrator that you want to configure.
    Default: No default.

force-password-change {enable | disable}
    Description: Enable to require this administrator to change password at next login. Disabling this option does not prevent required password change due to password policy violation or expiry.
    Default: disable

password-expire YYYY-MM-DD HH:MM:SS
    Description: Enter the date and time that this administrator’s password expires. Enter zero values for no expiry.
    Default: 0000-00-00 00:00:00
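
The following Python example is added here and is not part of the Fortinet guide. It audits a configuration excerpt against the password keywords documented above, treating any keyword that is absent as having its documented default. Assumptions: the block name system password-policy (its opening line is not on this page), the constructed sample config, the function names, and the baseline_len threshold of 12.

```python
# Constructed sample config, not taken from the guide. The block name
# "system password-policy" is an assumption: its opening line is not on this page.
SAMPLE = """\
config system password-policy
    set must-contain lower-case-letter number
end
config system admin
    edit "admin"
    next
    edit "ops1"
        set password-expire 2026-01-31 00:00:00
    next
end
"""
ALL_TYPES = {"lower-case-letter", "upper-case-letter", "non-alphanumeric", "number"}
NO_EXPIRY = "0000-00-00 00:00:00"

def parse(text):
    """Return {block: {entry: {keyword: value}}}; settings outside 'edit' use entry ''."""
    cfg, block, entry = {}, None, ""
    for line in text.splitlines():
        head, _, rest = (s.strip() for s in line.strip().partition(" "))
        if head == "config":
            block, entry = rest, ""
        elif head in ("end", "next"):
            block, entry = (None if head == "end" else block), ""
        elif head == "edit" and block:
            entry = rest.strip('"')
            cfg.setdefault(block, {}).setdefault(entry, {})
        elif head == "set" and block:
            key, _, value = rest.partition(" ")
            cfg.setdefault(block, {}).setdefault(entry, {})[key] = value.strip()
    return cfg

def audit(cfg, baseline_len=12):  # baseline_len: hypothetical site standard
    """List weak settings; absent keywords fall back to the documented defaults."""
    pol, out = cfg.get("system password-policy", {}).get("", {}), []
    if pol.get("status", "disable") != "enable":
        out.append("policy: status is disable")
    if int(pol.get("minimum-length", 8)) < baseline_len:
        out.append("policy: minimum-length below baseline")
    missing = ALL_TYPES - set(pol.get("must-contain", "").split())
    if missing:
        out.append("policy: must-contain lacks " + ", ".join(sorted(missing)))
    if int(pol.get("expire", 0)) == 0:  # 0 means no policy-wide expiry
        out += [f"admin {name}: password never expires"
                for name, s in sorted(cfg.get("system admin", {}).items())
                if s.get("password-expire", NO_EXPIRY) == NO_EXPIRY]
    return out
```

The parser handles flat config/edit/set/next/end blocks only; nested config blocks inside an edit entry are not tracked.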
