FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Staff
Article Id 192353

Description


This articles discusses how to change the appliance CLI passwords.

 

To ensure proper communication between servers in a FortiNAC system, CLI and Configuration Wizard passwords must be configured and changed using the Configuration Wizard for the Control Server.  They should not be changed via the CLI. 

If the root password has been changed via the CLI, contact Support to ensure the proper files are updated for server communication.   

Note the following:

- The CLI passwords are not the same as the passwords used for Admin UI access.  Changing passwords on an existing Administration UI account is done from within the UI.  Instructions can be found in the online help under the topic 'Add Or Modify A User'.

 

- If a Control Server and Application server pair, edit passwords for both from this window.

 

- Only one set of credentials can be changed at a time.


Scope

 

Version: 8.x and 9.x.

 

Solution

 

Customers avoiding the use of Configuration Wizard due to customizations can safely change passwords using this method as it will not manipulate any other configuration.      

1) Connect to the Configuration Wizard Passwords window directly by typing one of the following URL's:

Version 9.1 and below:

 

http://<Control Server Host Name>:8080/configWizard/PasswordChange.jsp 
http://<Control Server IP Address>:8080/configWizard/PasswordChange.jsp 

 
Version 9.2 and above:
 
Login to the Administration UI (https://<FortiNAC IP Address or hostname>:8443)
Navigate to Users & Hosts -> Administrators.
Select CLI Passwords.
 
2) Enter the existing password and the new password in the appropriate fields.  Refer to the screen for valid password requirements as well as characters which are not permitted for use within the password.  

3) Click APPLY next to the password being changed.  A confirmation window will appear.

4) Click OK to return to the Passwords window.

5) Repeat steps 1-4 to change passwords for another user.

 

 

Changing root password in High Availability (HA) environments:

 

6) Repeat steps 1-4 on the Secondary Control Server using the actual IP address (not the Virtual IP (VIP)).


If unable to access the Secondary and the pair has a VIP, see section "Access Secondary Server Wizard Post L2 HA Configuration" of the Configuration Wizard guide for instructions.

 

7) Update the root CLI passwords in the High Availability configuration. Otherwise, the Primary Control Server will not be able to communicate with the Secondary properly.  Note: Updating the HA configuration restarts the appliances.

 

Refer to following Administration guide links below:
Version 8: https://docs.fortinet.com/document/fortinac/8.8.0/administration-guide/26323/high-availability 
Version 9: https://docs.fortinet.com/document/fortinac/9.1.0/administration-guide/26323/high-availability 

 

Contact Support if further assistance is needed. 
 

Related Articles

Technical Note: CentOS 5 password recovery

Technical Tip: FortiNAC CLI password recovery