rodeca
New Member
September 20, 2008
Question

FG50B - lost super_admin access profile?

  • 5 replies
  • 9315 views
Current OS: MR6-sp1

- I cannot assign the "super_admin" profile (neither via GUI nor CLI)
- It doesn't show at GUI / system / admin / profiles
- If I try to create a profile named "super_admin", I get a "duplicated name..." error

Presently, it is not a problem (I have an Admin account); but maybe tomorrow I'll have to do some management requiring a "super_admin" account...

Any hint?

RØ

BACKGROUND: Maybe it is related to a serious problem with an MR4 fw (a year ago):

---------------
Initializing firewall...
System is started.
Failed to save PRNG state.
failed to change to (/data/./config/) ...
Error generating self-signed certificate
unknown operation mode(0)
The system is going down NOW !!
---------------
over and over again

Following KB and Forums advice, I did

- an HQIP (everything correct)
- a Format + Get-from-tftp (again MR4)
- an Admin password reset (I couldn't log in)

    abelio
    SuperUser
    September 20, 2008
    Hi, in order to understand your problem, could you post the output of the CLI command "show full-configuration system admin" please?
    rodeca (Author)
    New Member
    September 21, 2008
    My problem: I thought there would be a "super_admin" access profile. But I cannot assign it to any account. My "full config" etc. etc.:

      FGT50B $ show full-configuration system admin
      config system admin
          edit "admin"
              set remote-auth disable
              set peer-auth disable
              set trusthost1 0.0.0.0 0.0.0.0
              set trusthost2 0.0.0.0 0.0.0.0
              set trusthost3 0.0.0.0 0.0.0.0
              set accprofile "prof_admin"
              set comments ''
              set vdom "root"
              unset ssh-public-key1
              unset ssh-public-key2
              unset ssh-public-key3
              set schedule ''
                  config dashboard
                      edit "licinfo"
                          set column 1
                          set status open
                      next
                      edit "jsconsole"
                          set column 1
                          set status close
                      next
                      edit "sysres"
                          set column 1
                          set show-fds-chart enable
                          set show-fortianalyzer-chart enable
                          set status open
                      next
                      edit "sysop"
                          set column 1
                          set status open
                      next
                      edit "sysinfo"
                          set column 2
                          set status open
                      next
                      edit "alert"
                          set column 2
                          set show-conserve-mode enable
                          set show-firmware-change enable
                          set show-system-restart enable
                          set status close
                      next
                      edit "statistics"
                          set column 2
                          set status open
                      next
                  end
              set password ENC AK13DEr+pGzT+  etc..
          next
      end
      FGT50B $

    Thank you RØ
    abelio
    SuperUser
    September 21, 2008
    OK, it's clear now: you only have an admin account with 'prof_admin' and no one with the 'super_admin' profile. I agree with you: you could need that profile for certain tasks.

    Well, I don't know any non-disruptive procedure other than this one, mainly used to recover the admin passwd; maybe others in the forum could point to another path. Use this thread as reference: http://support.fortinet.com/forum/tm.asp?m=41433

    After logging in as the maintainer user you could type:

      config system admin
          edit "admin"
              set accprofile "super_admin"
          next
      end

    hope it helps,
    rodeca (Author)
    New Member
    September 21, 2008
    Thank you for your quick reply. As I'm now leaving town (no, no problem with the sheriff), it'll take some days before I try and can say how it turned out. See you RØ
    romanr
    New Member
    September 26, 2008
    You will only need the super_admin profile/account if you use virtual domains!! If you don't have virtual domains, then there is no difference and you don't need to bother actually! I also sometimes lost the 'super_admin' profile, because I did backup and recover with only 'prof_admin' profiles! This is how it gets lost ;)! cheers.roman
    rodeca (Author)
    New Member
    October 1, 2008
    It's me again, back home. Abel, I applied the procedure and now I have a "super_admin". Roman, I lost that profile after a reset-to-factory + restore-backup. The restored backup included only a 'config system admin' + 'edit "1"'. So maybe I deleted the original "admin" account and created another one with that same name. Anyway, everything is OK now. Thank you all RØ
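
The cause romanr and rodeca describe above (restoring a backup whose admin accounts carry only 'prof_admin') can be checked on the backup text before it is restored. This is an added example, not part of any post in this thread and not Fortinet code: it assumes the `config system admin` layout shown in the CLI output earlier in the thread, and the sample backup and function names are constructed for illustration.

```python
import re

# Constructed sample, shaped like the CLI output posted in this thread.
SAMPLE_BACKUP = '''\
config system admin
    edit "admin"
        set accprofile "prof_admin"
        set vdom "root"
            config dashboard
                edit "sysinfo"
                    set column 2
                next
            end
        set password ENC <placeholder>
    next
end
'''

def admin_profiles(config_text):
    """Return {admin_name: accprofile or None} from 'config system admin'."""
    admins, depth, current = {}, 0, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth == 0:
            if line == "config system admin":
                depth = 1
            continue
        if line.startswith("config "):   # nested table, e.g. dashboard
            depth += 1
        elif line == "end":
            depth -= 1
        elif depth == 1:                 # only lines of the admin table itself
            edit = re.match(r'edit\s+"?([^"]+)"?$', line)
            prof = re.match(r'set\s+accprofile\s+"?([^"]+)"?$', line)
            if edit:
                current = edit.group(1)
                admins[current] = None   # assumption: no accprofile line -> None
            elif line == "next":
                current = None
            elif prof and current is not None:
                admins[current] = prof.group(1)
    return admins

def lacks_super_admin(config_text):
    """True when no admin account in the backup holds 'super_admin'."""
    return "super_admin" not in admin_profiles(config_text).values()

if __name__ == "__main__":
    print(admin_profiles(SAMPLE_BACKUP))
    if lacks_super_admin(SAMPLE_BACKUP):
        print("WARNING: restoring this backup leaves no super_admin account")
```
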
    bouchlk
    New Member
    September 7, 2020

    Hey there,

    Hope you are all doing well,

    I have the same problem and I tried to recover the super admin account using CLI and maintainer account, but I got the error below:

      # edit "admin"
      'maintainer' account can only edit existing admins.
      node_check_object fail! for name admin

      value parse error before 'admin'
      Command fail. Return code -37

    Is there any way to know the super admin account as I can't see them with my profile admin