Fortinet Forum
emnoc
Esteemed Contributor III

FortiMail unable to change "admin" account

Anybody ever seen a problem of NOT being able to delete the "admin" account via the GUI or command line? Running this config-version=FE-3KD-5.00-FW-build142-130821, and support has not been very helpful with my case that's over 10 days. The funny thing, all accounts are super_admin users profile, I can create any other account and modify the password or delete other super_admin_user profiles.

    config system admin
    edit admin
    set password ENC $1$2dce5882$JeaA0/./0SsqUZUGBsuxJ.
    set access-profile super_admin_prof
    next

And attempts to edit/delete that account "admin" fail, with a -37 error code. Any ideas?

PCNSE 

NSE 

StrongSwan  

5 REPLIES
Bromont_FTNT
Staff

The default "admin" account can't be deleted.
Bromont_FTNT
Staff

Screenshot from the CLI admin guide:
emnoc
Esteemed Contributor III

That's interesting and very bad. I don't have access to the <admin> password nor can I change it. You would think this would not be the standard practice for Fortinet. Here's what I notice now & after reading your screenshot. On my other units, you get the following warning with your -37 that tells you it's restricted.

(here I'm trying to delete it <admin>)

    delete admin entry is restricted! <------ was output
    Command fail. Return code is -37

and here I'm trying to edit it

    (admin) # edit admin
    Command fail. Return code is -37

And the final problem, the auditors don't want any standard login names installed on our security appliances; e.g. (no.....) admin administrator etc..... Thanks for the tip, I will share this with TAC and see what they tell me now. Also that last line is not correct, all of my units' "super_admin_prof" accounts can reset and change any other account or delete any other accounts. They should re-write that.

PCNSE 

NSE 

StrongSwan  

sotir1984

Hi,

Again for future people to see this post and issue.

"admin" account can't be deleted on FortiMail, and per TAC reply this is by design. You can't even edit the "admin" account while you are logged in with other "super admins". You can only change it whilst logged in with "admin" itself. So never forget your "admin" password.

-1984-

emnoc
Esteemed Contributor III

I wonder if any new releases of FML OS will change this behavior? I was working on a team that wanted to strike any common "admin" account names (admin, Administrator, root, etc.....) and the FML was one item that could not be changed. FortiOS and the FortiGates do allow you to rename the admin account and delete it, btw.

PCNSE 

NSE 

StrongSwan
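
For the audit requirement discussed in this thread, an added example (not from any poster or from Fortinet) that scans a configuration backup for standard login names and separates the built-in "admin", which the thread reports cannot be deleted, from accounts that can be removed. It assumes the backup uses the `config system admin` / `edit` / `set` / `next` layout shown in the first post; the sample config, its account names other than "admin", and `readonly_prof` are constructed.

```python
import re

# Names the auditors in the thread wanted gone (admin, Administrator, root).
STANDARD_NAMES = {"admin", "administrator", "root"}
BUILTIN = "admin"  # per the thread, FortiMail refuses to delete this account

# Constructed sample backup; the hash is a placeholder, not a real value.
SAMPLE_CONFIG = """\
config system admin
  edit admin
    set password ENC <placeholder-hash>
    set access-profile super_admin_prof
  next
  edit "Administrator"
    set access-profile super_admin_prof
  next
  edit jsmith
    set access-profile readonly_prof
  next
end
"""

def parse_admins(text):
    """Return {account: {setting: value}} from the 'config system admin' block."""
    admins, in_block, current = {}, False, None
    for raw in text.splitlines():
        line = raw.strip()
        if not in_block:
            in_block = line == "config system admin"
        elif line == "end":
            break
        elif line == "next":
            current = None
        elif m := re.match(r'edit\s+"?([^"]+?)"?$', line):
            current = admins.setdefault(m.group(1), {})
        elif current is not None and (m := re.match(r"set\s+(\S+)\s+(.*)$", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return admins

def audit(text):
    """Return (account, access-profile, finding) for each standard login name."""
    return [(n, s.get("access-profile", ""),
             "built-in, not deletable" if n == BUILTIN else "removable")
            for n, s in parse_admins(text).items() if n.lower() in STANDARD_NAMES]

if __name__ == "__main__":
    for row in audit(SAMPLE_CONFIG):
        print(*row, sep="\t")
```
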