Hi,
I've a very huge problem about admin rights. I've a new costumer with a Fortigate firewall and i've reset the fortigate admin password(because they didn't had);.. but i still haven't the full super_admin permission.
In fact the account can't see Administrators profile and i figured out that the admin account is an prof_admin.
Is it possible to change an admin account from prof_admin to super admin?
In the past i've done with a backup config but i had the backup file. Now i've no config backups files and no way to backup or restore fortigate config with the prof_admin account. I'm also wondering if there is another hidden account as super_admin?
I'm very stuck in this bad situation and i can't do a factory reset.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
You need to be a "suer_admin" to make a user as a super_admin. If you don't have, or know the password for, any other super_admin users on the box, you need to go through the password recovering process you can find somewhere in this forum or on the internet. The "maintainer" user for the process must be a super_user so you can change anything you want to change.
You need to be a "suer_admin" to make a user as a super_admin. If you don't have, or know the password for, any other super_admin users on the box, you need to go through the password recovering process you can find somewhere in this forum or on the internet. The "maintainer" user for the process must be a super_user so you can change anything you want to change.
Hi,
I've tried but from maintainer account o can't change the accprofile from pro_admin to super_admin because i get an the error -61. You think is possible from maintainer change the profile of other users?
Thank you very much,
Michele.
Try creating a temp admin account with super_admin rights. Then try logging into the fgt normally with this temp admin account.
e.g.
config system admin edit "temp_admin" set accprofile "super_admin" set password <password> next end
Alternately, see if you can perform a backup of the config to a USB stick (san password) and see if you can read it later (in a text editor) you should be able to edit/change/add the accprofile line to your admin account, save it as a new config and try uploading that via USB or via the GUI (following a factory reset). A word of caution about this approach as you need to be absolutely sure you have a couple of good backups of the config running on the fgt.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
As stated before, only a super_admin can create a super_admin account. So, no dice.
What I'd try is to login as 'maintainer', export the config, change the account setting, and restore. It might work but I haven't tried before. Logging in as 'maintainer' is a tedious job, also.
I know this is a very old thread but I run into the same issue, that for some reason one of our Fortigates had the "admin" access-profile set to "prof_admin" and there was no other "super_admin" configured.
since the fortigate was placed at the remote location, password reset was no options.
luckily I found a much better solution reset the accessprofile for the admin without the need of a password reset or reload!
all you need is a radius server, which is able to return the VSA "Fortinet-Access-Profile"
you can find a full list here: Fortinet VSA List
what you need todo then is:
- configure radius for authentication
- create or re-use an existing admin user for remote auth
- configure accprofile-override enable
- auth against the radius server
- return Fortinet-Access-Profile=super_admin
you should now have super_admin privs, which allow you to assign "super_admin" to any admin account
example config for remote auth:
config system admin
edit "RADIUS_ADMIN"
set remote-auth enable
set accprofile "dummy"
set vdom "root"
set wildcard enable
set remote-group "xxxx"
set accprofile-override enable
end
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.