New in version 2.8.
The below requirements are needed on the host that executes this module.
| Parameter | Choices/Defaults | Comments | ||
|---|---|---|---|---|
| host string | FortiOS or FortiGate IP address. | |||
| https boolean |
| Indicates if the requests towards FortiGate must use HTTPS protocol. | ||
| password string | Default: "" | FortiOS or FortiGate password. | ||
| ssl_verify boolean added in 2.9 |
| Ensures FortiGate certificate must be verified by a proper CA. | ||
| state string added in 2.9 |
| Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. | ||
| user_radius dictionary | Default: null | Configure RADIUS server entries. | ||
| accounting_server list | Additional accounting servers. | |||
| id integer / required | ID (0 - 4294967295). | |||
| port integer | RADIUS accounting port number. | |||
| secret string | Secret key. | |||
| server string | name_str or ip_str Server CN domain name or IP. | |||
| source_ip string | Source IP address for communications to the RADIUS server. | |||
| status string |
| Status. | ||
| acct_all_servers string |
| Enable/disable sending of accounting messages to all configured servers. | ||
| acct_interim_interval integer | Time in seconds between each accounting interim update message. | |||
| all_usergroup string |
| Enable/disable automatically including this RADIUS server in all user groups. | ||
| auth_type string |
| Authentication methods/protocols permitted for this RADIUS server. | ||
| class list | Class attribute name(s). | |||
| name string / required | Class name. | |||
| h3c_compatibility string |
| Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. | ||
| name string / required | RADIUS server entry name. | |||
| nas_ip string | IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes. | |||
| password_encoding string |
| Password encoding. | ||
| password_renewal string |
| Enable/disable password renewal. | ||
| radius_coa string |
| Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. | ||
| radius_port integer | RADIUS service port number. | |||
| rsso string |
| Enable/disable RADIUS based single sign on feature. | ||
| rsso_context_timeout integer | Time in seconds before the logged out user is removed from the "user context list" of logged on users. | |||
| rsso_endpoint_attribute string |
| RADIUS attributes used to extract the user end point identifier from the RADIUS Start record. | ||
| rsso_endpoint_block_attribute string |
| RADIUS attributes used to block a user. | ||
| rsso_ep_one_ip_only string |
| Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. | ||
| rsso_flush_ip_session string |
| Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. | ||
| rsso_log_flags string |
| Events to log. | ||
| rsso_log_period integer | Time interval in seconds that group event log messages will be generated for dynamic profile events. | |||
| rsso_radius_response string |
| Enable/disable sending RADIUS response packets after receiving Start and Stop records. | ||
| rsso_radius_server_port integer | UDP port to listen on for RADIUS Start and Stop records. | |||
| rsso_secret string | RADIUS secret used by the RADIUS accounting server. | |||
| rsso_validate_request_secret string |
| Enable/disable validating the RADIUS request shared secret in the Start or End record. | ||
| secondary_secret string | Secret key to access the secondary server. | |||
| secondary_server string | name_str or ip_str secondary RADIUS CN domain name or IP. | |||
| secret string | Pre-shared secret key used to access the primary RADIUS server. | |||
| server string | Primary RADIUS server CN domain name or IP address. | |||
| source_ip string | Source IP address for communications to the RADIUS server. | |||
| sso_attribute string |
| RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. | ||
| sso_attribute_key string | Key prefix for SSO group value in the SSO attribute. | |||
| sso_attribute_value_override string |
| Enable/disable override old attribute value with new value for the same endpoint. | ||
| state string |
| Deprecated Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. Indicates whether to create or remove the object. | ||
| tertiary_secret string | Secret key to access the tertiary server. | |||
| tertiary_server string | name_str or ip_str tertiary RADIUS CN domain name or IP. | |||
| timeout integer | Time in seconds between re-sending authentication requests. | |||
| use_management_vdom string |
| Enable/disable using management VDOM to send requests. | ||
| username_case_sensitive string |
| Enable/disable case sensitive user names. | ||
| username string | FortiOS or FortiGate username. | |||
| vdom string | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. | ||
Note
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Configure RADIUS server entries.
fortios_user_radius:
host: "{{ host }}"
username: "{{ username }}"
password: "{{ password }}"
vdom: "{{ vdom }}"
https: "False"
state: "present"
user_radius:
accounting_server:
-
id: "4"
port: "5"
secret: "<your_own_value>"
server: "192.168.100.40"
source_ip: "84.230.14.43"
status: "enable"
acct_all_servers: "enable"
acct_interim_interval: "11"
all_usergroup: "disable"
auth_type: "auto"
class:
-
name: "default_name_15"
h3c_compatibility: "enable"
name: "default_name_17"
nas_ip: "<your_own_value>"
password_encoding: "auto"
password_renewal: "enable"
radius_coa: "enable"
radius_port: "22"
rsso: "enable"
rsso_context_timeout: "24"
rsso_endpoint_attribute: "User-Name"
rsso_endpoint_block_attribute: "User-Name"
rsso_ep_one_ip_only: "enable"
rsso_flush_ip_session: "enable"
rsso_log_flags: "protocol-error"
rsso_log_period: "30"
rsso_radius_response: "enable"
rsso_radius_server_port: "32"
rsso_secret: "<your_own_value>"
rsso_validate_request_secret: "enable"
secondary_secret: "<your_own_value>"
secondary_server: "<your_own_value>"
secret: "<your_own_value>"
server: "192.168.100.40"
source_ip: "84.230.14.43"
sso_attribute: "User-Name"
sso_attribute_key: "<your_own_value>"
sso_attribute_value_override: "enable"
tertiary_secret: "<your_own_value>"
tertiary_server: "<your_own_value>"
timeout: "45"
use_management_vdom: "enable"
username_case_sensitive: "enable"
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| build string | always | Build number of the fortigate image Sample: 1547 |
| http_method string | always | Last method used to provision the content into FortiGate Sample: PUT |
| http_status string | always | Last result given by FortiGate on last operation applied Sample: 200 |
| mkey string | success | Master key (id) used in the last call to FortiGate Sample: id |
| name string | always | Name of the table used to fulfill the request Sample: urlfilter |
| path string | always | Path of the table used to fulfill the request Sample: webfilter |
| revision string | always | Internal revision number Sample: 17.0.2.10658 |
| serial string | always | Serial number of the unit Sample: FGVMEVYYQT3AB5352 |
| status string | always | Indication of the operation's result Sample: success |
| vdom string | always | Virtual domain used Sample: root |
| version string | always | Version of the FortiGate Sample: v5.6.3 |
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/fortios_user_radius_module.html