Technical Tip: Force password change for the admin users with 'read only' privilege
Description
This article describes how to force a password change at the first login for admin users with 'read only' privilege (created on FortiSwitch).
Solution
Commands to configure a read-only access profile on FortiSwitch from the CLI.
# config system accprofile
(accprofile) # edit readonly <----- New entry 'readonly' is added.
(readonly) # set admingrp read
(readonly) # set loggrp read
(readonly) # set netgrp read
(readonly) # set routegrp read
(readonly) # set sysgrp read
(readonly) # end
Commands to create a new admin user with read only access profile.
# config system admin
(admin) # edit Username <----- New entry 'Username' is added.
(Username) # set accprofile readonly
(Username) # set force-password-change enable
(Username) # set password test1234
(Username) # show
edit "Username"
set accprofile "readonly"
set force-password-change enable
set password ENC AK1R0I63BAQQxsEJk3Y6ExxlXET8qiwnHr2MWbcXaQdQTE=
next
end
(Username) # end
# exit
Auto backup config ...
Connection to 40.40.40.1 closed.
FortiSwitch forces the new user to change the password at the first login.
FortiGate-100E (root) # exe ssh Username@40.40.40.1
Username@40.40.40.1's password:
Your password doesn't conform to the password policy enforced on this device.
According to the password policy enforced on this device, please change your password!
New password must conform to the following policy:
minimum-length=8
New Password:***********
Re-enter New Password:***********
switch $
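Added example (not part of the original article and not Fortinet code): a Python check that reads a FortiSwitch configuration backup and lists admin users on the 'readonly' access profile whose entry does not have force-password-change enabled. The sample configuration, the function names and the rule that a setting missing from the backup counts as disabled are assumptions.

```python
# Constructed sample backup (not from a real device); hashes are placeholders.
SAMPLE_CONFIG = '''\
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "Username"
        set accprofile "readonly"
        set force-password-change enable
        set password ENC <placeholder>
    next
    edit "auditor"
        set accprofile "readonly"
    next
end
'''

def parse_admins(config_text):
    """Return {admin: {setting: value}} from the 'config system admin' table."""
    admins, current, depth = {}, None, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth == 0:
            if line == "config system admin":
                depth = 1
        elif line.startswith("config "):
            depth += 1  # nested table inside an admin entry: skip its contents
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            current = line[5:].strip().strip('"').strip()
            admins[current] = {}
        elif depth == 1 and line == "next":
            current = None
        elif depth == 1 and current and line.startswith("set "):
            _, key, *value = line.split(None, 2)
            admins[current][key] = value[0].strip('"') if value else ""
    return admins

def missing_forced_change(config_text, profiles=("readonly",)):
    """Admins on the given profiles whose entry lacks force-password-change enable."""
    # Assumption: a setting absent from the backup is at its default (disabled).
    return sorted(
        name for name, s in parse_admins(config_text).items()
        if s.get("accprofile") in profiles
        and s.get("force-password-change", "disable") != "enable")

if __name__ == "__main__":
    print(missing_forced_change(SAMPLE_CONFIG))
```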