Created on 12-20-2023 11:49 PM Edited on 12-21-2023 12:31 AM By Jean-Philippe_P
This article describes a new v7.4.2 feature: the admin password-only change profile.
FortiManager and FortiAnalyzer, v7.4.2 and later.
With this release, FortiManager and FortiAnalyzer introduce a new admin profile that can only list admin users and change their passwords, either from the CLI or through API calls.
When a user is assigned the 'Password_Change_User' profile, all other options are removed except reading and changing passwords and rpc (the JSON API calls).
The GUI is not accessible to a user with this profile assigned; only the CLI and JSON API calls are available.
To change the password under CLI:
config system admin user
edit other_admin
set password <pass>
end
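The same password change over the JSON API path mentioned above, as an added example that is not part of the original article or Fortinet's own code. It assumes the usual FortiManager JSON-RPC conventions (requests posted to /jsonrpc, with the URLs /sys/login/user, /cli/global/system/admin/user/<name> and /sys/logout), none of which appear in the article; the account names and the offline fake_post replies are constructed.

```python
def rpc(method, url, data=None, session=None, req_id=1):
    """Build one FortiManager-style JSON-RPC request body."""
    param = {"url": url}
    if data is not None:
        param["data"] = data
    body = {"id": req_id, "method": method, "params": [param]}
    if session is not None:
        body["session"] = session
    return body

def check(resp):
    """Raise unless the first result reports status code 0 (success)."""
    status = resp["result"][0]["status"]
    if status["code"] != 0:
        raise PermissionError(f'{status["code"]}: {status["message"]}')
    return resp

def change_admin_password(post, api_user, api_pass, target_admin, new_password):
    """Log in, update one admin's password, always log out. post() sends a body to /jsonrpc."""
    login = check(post(rpc("exec", "/sys/login/user",
                           {"user": api_user, "passwd": api_pass})))
    session = login["session"]
    try:
        url = f"/cli/global/system/admin/user/{target_admin}"
        check(post(rpc("update", url, {"password": new_password}, session, 2)))
    finally:
        post(rpc("exec", "/sys/logout", session=session, req_id=3))

def fake_post(log):
    """Constructed offline stand-in for the appliance; replies are not real output."""
    def post(body):
        url = body["params"][0]["url"]
        log.append((body["method"], url))
        allowed = url.startswith(("/sys/login", "/sys/logout",
                                  "/cli/global/system/admin/user"))
        status = ({"code": 0, "message": "OK"} if allowed else
                  {"code": -11, "message": "No permission for the resource"})
        reply = {"id": body["id"], "result": [{"status": status, "url": url}]}
        if url == "/sys/login/user":
            reply["session"] = "constructed-session-token"
        return reply
    return post

if __name__ == "__main__":
    calls = []
    change_admin_password(fake_post(calls), "pwd_operator", "old", "other_admin", "N3w-constructed!")
    print(calls)
```

Against a real appliance, replace fake_post with a function that sends each body over HTTPS with certificate verification enabled and returns the decoded JSON reply.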
Troubleshooting:
Connect to the CLI with a local 'admin' account and start the following debugs.
After that, try to connect with the password change user:
diagnose debug reset
diagnose debug application auth 255
diagnose debug timestamp enable
diagnose debug enable
After reviewing the connected user(s), disable the debugs:
diagnose debug disable
diagnose debug reset
Note:
Command parameters are case-sensitive. Quotes are always used around the parameters like in this example 'my_Account'.
Related Article:
Technical Tip: IPS profile enhancement under FortiManager in v7.4.2