Hello, all
I have a Fortigate cluster with some VPN users defined as local password users with 2fa. I'd like to export these users for use in a directory server in order to apply additional login policies (such as inactivity block, or failed login block, etc).
I'd like to do this in the least disruptive way possible, which means I'd like to somehow take the users current passwords and import them into the directory server.
I understand that the password are in a one way hash but since they are hashed in SHA256 (I think), I thought I could use them in a system that understands that hash. Unfortunately I haven't found a way to convert them into a format another directory (for example, unix shadow file) can understand it.
According to Fortigate hardening guide it is base64 encoded, but when I decode the string I get unprintable characters. Are they supposed to be a file?
I know the first characters likely denote the kind of hashing ("$S2$ for SHA-256?) but what else can I do to convert the rest into a Unix readable password?
Thanks for the help.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1528 | |
1020 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.