Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Error403
New Contributor

Created on ‎06-30-2016 08:53 AM

Add user in group by CLI

Hello ! I have to create a lot of users for VPN SSL portals. I want to script the creation of this users. No difficulty to create account. But, how can I add an account to a user-groups by CLI ? In advance, thank's for your help ! :) Thierry

24402
0 Kudos
7 REPLIES 7
ede_pfau
SuperUser
SuperUser

Created on ‎06-30-2016 12:08 PM

A while ago I've posted a batch command file (Windows) for creating a command file from a list of IPs. Maybe this can help: [link]https://forum.fortinet.com/tm.aspx?m=102532[/link]

It shouldn't be too difficult to adapt this to creating local users and user groups. Note that there is a limit for the number of users per group (Maximum Values matrix).

 

To get the correct syntax, create a backup textfile and search for "usergrp".

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
9076
0 Kudos
Error403
New Contributor
In response to ede_pfau

Created on ‎07-01-2016 12:45 AM

Thank you for your help ede_pfau. I already use python to generate all my commands line. Note : my request concerns local users only.

9076
0 Kudos
Error403
New Contributor
In response to Error403

Created on ‎07-01-2016 12:58 AM

Hi ! Problem solved : # config user group # edit <group_name> # set member <member_name>

9076
0 Kudos
ede_pfau
SuperUser
SuperUser
In response to Error403

Created on ‎07-01-2016 04:05 AM

That's what I meant - syntax is documented in each backup file. I thought it was obvious (OK, "usergrp" <> "user group").

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
9076
0 Kudos
emnoc
Esteemed Contributor III
In response to ede_pfau

Created on ‎07-01-2016 07:47 AM

Becareful with the set command and adding users to a existing group. A better method if the group is already "created" is to use the append member option. This will add that new "user" to the existing member list.

 

I see scripter failure to notice this and drop various users when editing the group ;)

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
9076
0 Kudos
Error403
New Contributor
In response to emnoc

Created on ‎07-04-2016 02:28 AM

Thank you Emnoc for the tip. This option can be use with all objects ?

9076
0 Kudos
emnoc
Esteemed Contributor III
In response to Error403

Created on ‎07-04-2016 02:38 AM

It's useful for address groups , user groups, and fwpolicy  for source interfaces or address.

 

The opposite command for removing just "one" object is the  unselect member < membername(s)>

 

 

e.g

 

config user group

    edit  RWarriors

           unselect member  kenfelix

   end

 

 

or if you had a string of userss;

 

config user group

    edit  RWarriors

           unselect member  kenfelix user2 user3 user4 user5

   end

 

 

 

Hope that helps

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
9076
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.