Use LDAP Groups in Firewall and SSL-VPN Authentication - Fortinet FortiGate Series Administration Manual

Use LDAP groups in firewall and SSL-VPN authentication

FortiGate Version 4.0 MR1 Administration Guide
What's new in FortiOS Version 4.0 MR1

    set must-contain [lower-case-letter upper-case-letter non-alphanumeric number]
end

Variable: apply-to [admin-password ipsec-preshared-key]
Description: Select where the policy applies: administrator passwords or IPSec preshared keys.
Default: admin-password

Variable: change-4-characters {enable | disable}
Description: Enable to require the new password to differ from the old password by at least four characters.
Default: disable

Variable: expire <days>
Description: Set time to expiry in days. Enter 0 for no expiry.
Default: 0

Variable: minimum-length <chars>
Description: Set the minimum length of password in characters. Range 8 to 32.
Default: 8

Variable: must-contain [lower-case-letter upper-case-letter non-alphanumeric number]
Description: Specify character types that must occur at least once in the password.
Default: Null

Variable: status {enable | disable}
Description: Enable password policy.
Default: disable

config system admin
    edit <name_str>
        set force-password-change {enable | disable}
        set password-expire YYYY-MM-DD HH:MM:SS
end

Variable: edit <name_str>
Description: Enter the name of the administrator that you want to configure.
Default: No default.

Variable: force-password-change {enable | disable}
Description: Enable to require this administrator to change password at next login. Disabling this option does not prevent required password change due to password policy violation or expiry.
Default: disable

Variable: password-expire YYYY-MM-DD HH:MM:SS
Description: Enter the date and time that this administrator's password expires. Enter zero values for no expiry.
Default: 0000-00-00 00:00:00

Use LDAP groups in firewall and SSL-VPN authentication

Membership in specific user groups on an LDAP server can be part of the authentication requirements for firewall or SSL VPN users. This enables you to use the group memberships on a Windows AD system to control user access to resources on the FortiGate unit.

In the CLI, when you define a FortiGate user group, you can specify the required LDAP server user group memberships using the new ldap-memberof keyword.

config user group
    edit <FGTgroupname>
        set group-type {sslvpn | firewall}
        set member <user1> [<user2>] [<usern>...]
        set ldap-memberof <LDAPgroupstring>
end
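An audit check for the ldap-memberof setting described above, as an added example that is not part of the Fortinet guide: it reads a configuration listing and reports sslvpn or firewall user groups that admit users through an LDAP server without requiring any LDAP group membership. It assumes LDAP servers are defined in a "config user ldap" section and listed as group members (neither is shown on this page), handles flat sections only, and uses a constructed sample in which every name, address and DN is made up.

```python
import shlex
# Constructed sample in FortiOS CLI syntax; every name, address and DN is made up.
SAMPLE_CONFIG = """
config user ldap
    edit "corp-ad"
        set server "192.0.2.10"
    next
end
config user group
    edit "vpn-staff"
        set group-type sslvpn
        set member "corp-ad"
        set ldap-memberof "CN=VPN-Staff,OU=Groups,DC=example,DC=com"
    next
    edit "vpn-open"
        set group-type sslvpn
        set member "corp-ad"
    next
    edit "local-fw"
        set group-type firewall
        set member "alice" "bob"
end
"""

def parse_section(config, section):
    """Return {entry name: {keyword: [values]}} for one flat 'config <section>' block."""
    entries, current, inside = {}, None, False
    for line in config.splitlines():
        words = shlex.split(line) or [""]  # blank lines match no branch below
        if words[0] == "config":
            inside, current = " ".join(words[1:]) == section, None
        elif inside and words[0] == "edit" and len(words) > 1:
            current = entries.setdefault(words[1], {})
        elif inside and words[0] == "set" and current is not None and len(words) > 2:
            current[words[1]] = words[2:]
        elif words[0] == "end":
            inside, current = False, None
    return entries

def groups_missing_ldap_memberof(config):
    """Groups that admit users via an LDAP server but require no LDAP group membership."""
    servers = set(parse_section(config, "user ldap"))  # assumption: LDAP servers live here
    flagged = []
    for name, settings in parse_section(config, "user group").items():
        via_ldap = servers & set(settings.get("member", []))
        typed = settings.get("group-type", [""])[0] in ("sslvpn", "firewall")
        if via_ldap and typed and not settings.get("ldap-memberof"):
            flagged.append(name)
    return flagged
```

On the sample, only "vpn-open" is reported: "vpn-staff" sets ldap-memberof, and "local-fw" has no LDAP server among its members.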
01-410-89802-20090903
http://docs.fortinet.com/