AnthonyH
Staff
Article Id 304842
Description This article describes why users may be unable to log in to a Single Sign-On Administrator account.
Scope FortiGate.
Solution

Issue:

If all local FortiGate administrators have trusted hosts configured, it is not possible to log in to the Single Sign-On Administrator account, and the login attempt fails with the error 'Unauthorized user'.

In the example below, the SSO Administrator account does not have any trusted host configured (it is not possible to set a trusted host for SSO Admins). However, when trying to log in, the error 'Unauthorized user' is received.

 

config system sso-admin
    edit "admin_sso"
        set accprofile "super_admin"
        set vdom "root"
    next
end

 

Checking the local administrator accounts shows the cause: every local administrator has a trusted host configured.

 

config system admin
    edit "admin"
        set trusthost1 192.168.1.0 255.255.255.0
        set accprofile "super_admin"
        set vdom "root"
        set password ENC SH2YcMUmBTS8VeZnUBTwM6otd3izhZBGR+OlT/ZeDR2GVLaBVypc/RDb486DbM=
    next
    edit "admin_th_1"
        set trusthost1 10.10.10.0 255.255.255.0
        set accprofile "super_admin_readonly"
        set vdom "root"
        set password ENC SH2vUGE3Xl8waYen78uXbv9Du3y2ISpkt9m+uIA6cddwK4kX4J56AGM97dMp+g=
    next
end

 

Solution:

  • Remove the trusted host from one local administrator account.

 

config system admin
    edit "admin"
        unset trusthost1
end

 

One alternative is to create a 'dummy' local administrator without a trusted host, with a custom admin profile that has no read/write permissions, and with a strong, obfuscated username and password.
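To check a configuration backup for the condition described above, the following added example (not part of the original article and not Fortinet code) parses the 'config system admin' block and reports whether every local administrator has a trusted host. The function names and the sample text are constructed for illustration, and treating an all-zero trusted host entry as unset is an assumption.

```python
import re

# Constructed sample modelled on the 'config system admin' block in this article
# (password lines omitted; a nested sub-block is included to exercise the parser).
SAMPLE_CONFIG = """\
config system admin
    edit "admin"
        set trusthost1 192.168.1.0 255.255.255.0
        set accprofile "super_admin"
        config gui-dashboard
            edit 1
            next
        end
    next
    edit "admin_th_1"
        set trusthost1 10.10.10.0 255.255.255.0
        set accprofile "super_admin_readonly"
    next
end
"""

def local_admin_trusted_hosts(config_text):
    """Map each local admin name to the trusted hosts set on it."""
    admins, current, in_block, depth = {}, None, False, 0
    for line in (raw.strip() for raw in config_text.splitlines()):
        if not in_block:
            in_block = line == "config system admin"
        elif line.startswith("config "):
            depth += 1                      # nested sub-block inside an admin entry
        elif line == "end":
            if depth == 0:
                break                       # end of 'config system admin'
            depth -= 1
        elif depth == 0 and (m := re.match(r'edit "?([^"]+)"?$', line)):
            current = m.group(1)
            admins[current] = []
        elif depth == 0 and current and (m := re.match(r"set trusthost\d+ (.+)$", line)):
            if m.group(1) != "0.0.0.0 0.0.0.0":   # assumed: all-zero entry means unset
                admins[current].append(m.group(1))
    return admins

def sso_admin_login_blocked(admins):
    """True when every local admin has a trusted host (the condition in this article)."""
    return bool(admins) and all(admins.values())

if __name__ == "__main__":
    found = local_admin_trusted_hosts(SAMPLE_CONFIG)
    print(found, "SSO admin login blocked:", sso_admin_login_blocked(found))
```

Running the check before adding a trusted host to the last unrestricted local administrator shows whether that change would lock out the SSO administrators.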
