Kraven2323
Staff
October 9, 2024

Troubleshooting Tip: Unexpected users able to log in to the FortiGate besides the configured admin due to wildcard being enabled

Description
This article describes an issue where unexpected users authenticated via LDAP, RADIUS, or TACACS+ are able to log in to the FortiGate GUI, even though they were not explicitly configured as administrators.
Scope
FortiGate.
Solution
  1. In the following screenshot, only two admins are configured: the local admin 'admin' and the remote admin 'Kraken'.

     image.png

  2. Further observation reveals that the type of the user 'kraken' is shown as 'wildcard'. This is due to the 'wildcard' setting being enabled on that admin account, as shown below:

     image.png

  3. This means that any user who authenticates successfully against the remote server and belongs to the same user group as the LDAP user 'kraken' can log in to the FortiGate, with the admin profile assigned to 'kraken'. The example below shows user 'kraken2', which is in the same group as 'kraken', logged in to the GUI.

     image.png

This applies equally to LDAP, RADIUS, and TACACS+ authentication methods. Note that every user matched through the wildcard account inherits that account's admin profile and trusted hosts, so the membership of the referenced user group effectively defines who has administrative access.

  4. If this is not the desired behavior, disable the 'wildcard' setting on the admin user. With wildcard disabled, only a remote user whose username exactly matches the admin account name can log in with that account, so create a separate admin account for each remote user who needs access.

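The CLI view of the two configurations, as an added example that is not part of the original article. The account name 'kraken', the admin profile 'super_admin', the VDOM 'root' and the user group 'ldap_admins' are assumed for illustration; the account in the original screenshots may use different values.

```fortios
# --- Permissive: any member of user group "ldap_admins" who authenticates
# --- against the remote server logs in as an administrator with the
# --- "super_admin" profile, not only the user named "kraken".
# (names below are assumed for illustration)
config system admin
    edit "kraken"
        set remote-auth enable
        set accprofile "super_admin"
        set vdom "root"
        set wildcard enable
        set remote-group "ldap_admins"
    next
end

# --- Corrected: wildcard disabled, so only the remote user whose
# --- username is exactly "kraken" can log in with this account.
config system admin
    edit "kraken"
        set remote-auth enable
        set accprofile "super_admin"
        set vdom "root"
        set wildcard disable
        set remote-group "ldap_admins"
    next
end

# Audit: list admin accounts; wildcard admins show "set wildcard enable"
# inside their "edit" block (non-default settings only are printed).
show system admin

# Who is logged in right now (the remote username is shown, e.g. kraken2,
# not the wildcard account name).
get system admin list

# If in doubt which account a remote user was matched against, trace the
# remote authentication daemon during a test login, then disable the trace.
diagnose debug application fnbamd -1
diagnose debug enable
diagnose debug disable
diagnose debug reset
```

While reviewing the admin account, also check the user group it references: a user group whose only member is the LDAP, RADIUS or TACACS+ server and which has no group-match entries treats every user the server can authenticate as a member, which widens the wildcard admin to the entire directory.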

For more information on the wildcard setting, see Configuring wildcard admin accounts.