I am trying to run cli to create admin accounts on fortigates: cd c:\Program Files\PuTTY plink.exe -l username -pw password fgt_ipaddress C:\pat_to_command.txt pause and then in command.txt: config system admin edit test set accprofile "super_admin" set password test end I keep getting the "unknow action 0" which according to fgt doc: "If you do not enter a known command, the CLI will return an error message such as: Unknown action 0" Would appreciate lil help on understanding what is going wrong here.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
if you connect FGT through SSH, type "edit test" without type "config system admin" at first, you will get a "Unknown action". From "config..." to "end" can be considered 1 conversational command, not 5 independent commands.
You may check my post "Is that possible for a scheduled shutdown?" which I have answered myself.
jiangchundi wrote:if you connect FGT through SSH, type "edit test" without type "config system admin" at first, you will get a "Unknown action". From "config..." to "end" can be considered 1 conversational command, not 5 independent commands.
You may check my post "Is that possible for a scheduled shutdown?" which I have answered myself.
Thanks for the response.
I did not get that though. I have added config sys admin and then added edit <usrname>. Can't figure out what is wrong here.
config system admin
edit <adminuser>
set accprofile "super_admin"
set password <password>
end
You can use PowerShell and SSH.Net library to do this, not Putty.exe or Plink.exe.
$client = New-Object Renci.SshNet.SshClient($hostip,"admin",$passwd) $client.Connect(); sleep 1 if ($client.IsConnected){ $stream = $client.CreateShellStream("Test",0,0,0,0,1000); sleep 1 $log += $stream.Read(); sleep 1 $stream.Write("config system admin`n"); $stream.Flush(); sleep 1 $log += $stream.Read(); sleep 1 $stream.Write("edit test`n"); $stream.Flush(); sleep 1 $log += $stream.Read(); sleep 1
....... $stream.Write("end`n"); $stream.Flush(); sleep 1 $stream.Close() ........
jiangchundi wrote:You can use PowerShell and SSH.Net library to do this, not Putty.exe or Plink.exe.
$client = New-Object Renci.SshNet.SshClient($hostip,"admin",$passwd) $client.Connect(); sleep 1 if ($client.IsConnected){ $stream = $client.CreateShellStream("Test",0,0,0,0,1000); sleep 1 $log += $stream.Read(); sleep 1 $stream.Write("config system admin`n"); $stream.Flush(); sleep 1 $log += $stream.Read(); sleep 1 $stream.Write("edit test`n"); $stream.Flush(); sleep 1 $log += $stream.Read(); sleep 1
....... $stream.Write("end`n"); $stream.Flush(); sleep 1 $stream.Close() ........
I can use this as a batch file? I will look into this and report back asap.
you can call powershell.exe from a bactch file:
pathtotheexe\powershell.exe pathtoscript\scriptname.ps1
you can call powershell.exe from a bactch file:
pathtotheexe\powershell.exe pathtoscript\scriptname.ps1
to use the library, before new-object, you need to:
Add-Type -Path "pathtothedll\Renci.SshNet.dll"
You do not have VDOM structure?
if there is one config global config sys admin editor admin password set 1234856 end end
Why don't you use the batch command interface for this? See System > Config > Advanced.
Write down the commands into a text file, one command per line, then upload it as a batch command. File extension can be anything.
Now for debugging which line throws the error:
connect to the Console
enter this:
diag debug enable
diag deb cli 7
- now do the upload and watch the messages -
to reset:
diag deb cli 3
diag deb dis
ede_pfau wrote:Why don't you use the batch command interface for this? See System > Config > Advanced.
Write down the commands into a text file, one command per line, then upload it as a batch command. File extension can be anything.
Now for debugging which line throws the error:
connect to the Console
enter this:
diag debug enable
diag deb cli 7
- now do the upload and watch the messages -
to reset:
diag deb cli 3
diag deb dis
I got the following debug log. I uploaded an .conf file with the syntax as follows, is it something to do with the spacing etc?
I have no experience to understand this debug output so will google for it and report back.
config system admin
edit testadmin
set password testsnaadmin#
set acc_profile super_admin
end
SNA # diagnose debug cli 3
SNA # diagnose debug disable
SNA # diagnose debug enable
SNA # diagnose debug cli 9[K7
SNA # 0: config system admin
0: edit testadmin
0: set password testsnaadmin#
-61: set acc_profile super_admin
0: config system admin
0: edit "testadmin"
0: unset vdom
entry 0x313f298:0xbefedba8 duplicated action=add, vdom=root, node=system.admin.vdom.name, key=root, cmf_shm_api.c,__bsearch_index,291.
cmf_query_shm.c:1926, Add table index error: type=4
0: end
-56: endcmf_query_util.c:1511: grp=00000002, obj=system.global
cmf_query_util.c:1511: grp=00000002, obj=system.global
cmf_query_util.c:1511: grp=00000002, obj=system.global
cmf_query_util.c:1511: grp=00000002, obj=system.global
cmf_query_util.c:1511: grp=00000002, obj=system.global
cmf_query_util.c:1511: grp=00000002, obj=system.global
cmf_query_util.c:1511: grp=00000002, obj=system.global
cmf_query_util.c:1511: grp=00000002, obj=system.global
SNA # diagnose debug disable [K[K[K[K[K[K[Kcli 3
SNA # diagnose debug disable
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1629 | |
1060 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.