rodeca
New Contributor

FG50B - lost super_admin access profile?

Current OS: MR6-sp1

- I cannot assign the "super_admin" profile (neither GUI nor CLI)
- It doesn't show at GUI / system / admin / profiles
- If I try to create a profile named "super_admin", I get a "duplicated name..." error

Presently, it is not a problem (I have an Admin account); but maybe tomorrow I'll have to do some management requiring a "super_admin" account... Any hint?

RØ

BACKGROUND: Maybe it is related to a serious problem with an MR4 fw (a year ago):

---------------
Initializing firewall...
System is started.
Failed to save PRNG state.
failed to change to (/data/./config/) ...
Error generating self-signed certificate
unknown operation mode(0)
The system is going down NOW !!
---------------
over and over again

Following KB and Forums advice, I did
- an HQIP (everything correct)
- a Format + Get-from-tftp (again MR4)
- an Admin password reset (I couldn't log in)
abelio
SuperUser

Hi, in order to understand your problem, could you post the output of the CLI command "show full-configuration system admin" please?

regards / Abel
rodeca
New Contributor

My problem: I thought there would be a "super_admin" access profile. But I cannot assign it to any account. My "full config etc. etc.":
 FGT50B $  show full-configuration system admin
 config system admin
     edit "admin"
         set remote-auth disable
         set peer-auth disable
         set trusthost1 0.0.0.0 0.0.0.0
         set trusthost2 0.0.0.0 0.0.0.0
         set trusthost3 0.0.0.0 0.0.0.0
         set accprofile "prof_admin"
         set comments ''
         set vdom "root"
         unset ssh-public-key1
         unset ssh-public-key2
         unset ssh-public-key3
         set schedule ''
             config dashboard
                 edit "licinfo"
                     set column 1
                     set status open
                 next
                 edit "jsconsole"
                     set column 1
                     set status close
                 next
                 edit "sysres"
                     set column 1
                     set show-fds-chart enable
                     set show-fortianalyzer-chart enable
                     set status open
                 next
                 edit "sysop"
                     set column 1
                     set status open
                 next
                 edit "sysinfo"
                     set column 2
                     set status open
                 next
                 edit "alert"
                     set column 2
                     set show-conserve-mode enable
                     set show-firmware-change enable
                     set show-system-restart enable
                     set status close
                 next
                 edit "statistics"
                     set column 2
                     set status open
                 next
             end
         set password ENC AK13DEr+pGzT+  etc..
     next
 end
 FGT50B $  
 
Thank you RØ
abelio

Ok, it's clear now: you only have an admin account with 'prof_admin' and no one with 'super_admin' profile. Agree with you: you could need that profile for certain tasks.

Well, I don't know other non-disruptive procedures than this one, mainly used to recover admin passwd; maybe others in the forum could point another path.

Use this thread as reference: http://support.fortinet.com/forum/tm.asp?m=41433

After logging in as the maintainer user you could type:
 config system admin
     edit "admin"
         set accprofile "super_admin"
     next
 end
 
hope it helps,

regards / Abel
rodeca
New Contributor

Thank you for your quick reply. As I'm now leaving the town (no, no problem with the sheriff), it'll take some days before I try and I can say how it resulted. See you RØ
romanr
Valued Contributor

You will only need the super_admin profile/account if you use virtual domains!! If you don't have virtual domains, then there is no difference and you don't need to bother actually! I also sometimes lost the 'super_admin' profile, because I did backup and recover with only 'prof_admin' profiles! This is how it gets lost ;)!

cheers.roman
rodeca
New Contributor

It's me again, back home.

Abel, applied procedure and now I have a "super_admin".

Roman, I lost that profile after a reset-to-factory + restore-backup. Restored backup included only a 'config system admin' + 'edit "1"'. So maybe I deleted the original "admin" account and created another one with that same name.

Anyway, everything is OK now. Thank you all RØ
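
The posts above trace the missing profile to restoring a backup in which no account carried 'super_admin'. As an added example (not code from this thread or from Fortinet), the Python below lists each admin's accprofile in a saved `config system admin` section so that can be checked before a restore; the sample config and the account name "backup-op" are constructed.

```python
import shlex

# Constructed sample in the layout of "show full-configuration system admin"
# (names and values are illustrative, not taken from a real device).
SAMPLE = '''\
config system admin
    edit "admin"
        set accprofile "prof_admin"
            config dashboard
                edit "sysinfo"
                    set column 2
                next
            end
    next
    edit "backup-op"
        set accprofile "super_admin"
    next
end
'''

def admin_profiles(config_text):
    """Map each admin in 'config system admin' to its accprofile (or None)."""
    # depth counts nested blocks such as 'config dashboard', whose own
    # edit/next/end lines must not be read as admin entries.
    profiles, depth, current, in_admin = {}, 0, None, False
    for line in config_text.splitlines():
        try:
            tok = shlex.split(line)
        except ValueError:  # unbalanced quote (multi-line value elsewhere)
            continue
        if not tok:
            continue
        if tok[0] == "config":
            if in_admin:
                depth += 1
            elif tok[1:] == ["system", "admin"]:
                in_admin = True
        elif in_admin and tok[0] == "end":
            # 'end' at depth 0 closes the admin section, otherwise a nested block
            in_admin, depth = depth > 0, max(depth - 1, 0)
        elif in_admin and depth == 0:
            if tok[0] == "edit" and len(tok) > 1:
                current = tok[1]
                profiles[current] = None
            elif tok[:2] == ["set", "accprofile"] and current and len(tok) > 2:
                profiles[current] = tok[2]
    return profiles

def super_admins(config_text):
    # Empty list: restoring this config leaves no account with super_admin.
    return sorted(n for n, p in admin_profiles(config_text).items() if p == "super_admin")
```
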
bouchlk
New Contributor

Hey there,

Hope you are all doing well,

I have the same problem and I tried to recover the super admin account using CLI and maintainer account, but I got the error below:

# edit "admin"
'maintainer' account can only edit existing admins.
node_check_object fail! for name admin

value parse error before 'admin'
Command fail. Return code -37

Is there any way to know the super admin account, as I can't see them with my profile admin?
