manasac
Staff
Description
This article describes how to force a password change at first login for admin users with 'read only' privilege (created on FortiSwitch).

Solution
Commands to configure a read-only access profile on FortiSwitch from the CLI:
# config system accprofile
 (accprofile) # edit readonly            <----- New entry 'readonly' is added.
 (readonly) # set admingrp read
 (readonly) # set loggrp read
 (readonly) # set netgrp read
 (readonly) # set routegrp read
 (readonly) # set sysgrp read
 (readonly) # end
Commands to create a new admin user with the read-only access profile:
# config system admin
 (admin) # edit Username                <----- New entry 'Username' is added.
 (Username) # set accprofile readonly
 (Username) # set force-password-change enable
 (Username) # set password test1234
 (Username) # show
edit "Username"
    set accprofile "readonly"
    set force-password-change enable
    set password ENC AK1R0I63BAQQxsEJk3Y6ExxlXET8qiwnHr2MWbcXaQdQTE=
next
end
 (Username) # end
# exit
Auto backup config ...
Connection to 40.40.40.1 closed.
FortiSwitch forces the new user to change the password at the first login:
FortiGate-100E (root) # exe ssh Username@40.40.40.1
Username@40.40.40.1's password:
Your password doesn't conform to the password policy enforced on this device.
According to the password policy enforced on this device, please change your password!
New password must conform to the following policy:

minimum-length=8
New Password:***********
Re-enter New Password:***********
switch $
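To check that the setting is actually present on every read-only admin, the following added example (not part of the original article and not Fortinet code) parses a saved configuration in the 'show' layout above and lists admins on a given access profile that lack 'set force-password-change enable'. The function names, the sample config and the 'auditor' account are constructed for illustration, and it assumes a disabled setting is simply absent from the output.

```python
# Constructed sample in the layout of the 'show' output above (not a real backup).
SAMPLE_CONFIG = '''\
config system accprofile
    edit "readonly"
        set admingrp read
    next
end
config system admin
    edit "Username"
        set accprofile "readonly"
        set force-password-change enable
        set password ENC <redacted>
    next
    edit "auditor"
        set accprofile "readonly"
        set password ENC <redacted>
    next
end
'''

def parse_admins(config_text):
    """Return {admin_name: {setting: value}} from the 'config system admin' block."""
    admins, in_admin, current = {}, False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config system admin":
            in_admin = True
        elif in_admin and current is None and line == "end":
            in_admin = False          # end of the admin table
        elif in_admin and line.startswith("edit "):
            # Tolerate stray spaces inside the quotes, e.g. edit " Username "
            current = line[5:].strip().strip('"').strip()
            admins[current] = {}
        elif in_admin and line == "next":
            current = None
        elif in_admin and current is not None and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                admins[current][parts[1]] = parts[2].strip('"')
    return admins

def admins_without_forced_change(config_text, profile="readonly"):
    """Admins using `profile` whose entry lacks 'set force-password-change enable'."""
    return sorted(
        name for name, cfg in parse_admins(config_text).items()
        if cfg.get("accprofile") == profile
        and cfg.get("force-password-change") != "enable"
    )

if __name__ == "__main__":
    print(admins_without_forced_change(SAMPLE_CONFIG))
```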
