Docs Home
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev
fortimanager.ObjectUserRadius
Explore with Pulumi AI
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev
Configure RADIUS server entries.
The following variables have sub resource. Avoid using them together, otherwise conflicts and overwrites may occur.
accounting_server:fortimanager.ObjectUserRadiusAccountingserverdynamic_mapping:fortimanager.ObjectUserRadiusDynamicMapping
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fortimanager from "@pulumi/fortimanager";
const labelname = new fortimanager.ObjectUserRadius("labelname", {
acctAllServers: "disable",
acctInterimInterval: 0,
allUsergroup: "disable",
authType: "auto",
classes: [],
h3cCompatibility: "disable",
interfaceSelectMethod: "auto",
nasIp: "0.0.0.0",
passwordEncoding: "auto",
passwordRenewal: "enable",
radiusCoa: "disable",
radiusPort: 0,
rsso: "disable",
rssoContextTimeout: 0,
rssoEpOneIpOnly: "disable",
rssoLogFlags: [],
rssoLogPeriod: 0,
rssoRadiusServerPort: 0,
rssoSecrets: [],
secondarySecrets: ["tesssssss"],
secrets: ["tesssssss"],
server: "2.2.2.2",
ssoAttributeValueOverride: "enable",
switchControllerAcctFastFramedipDetect: 2,
switchControllerServiceTypes: [],
tertiarySecrets: ["tesssssss"],
timeout: 5,
useManagementVdom: "disable",
usernameCaseSensitive: "disable",
});
import pulumi
import pulumi_fortimanager as fortimanager
labelname = fortimanager.ObjectUserRadius("labelname",
acct_all_servers="disable",
acct_interim_interval=0,
all_usergroup="disable",
auth_type="auto",
classes=[],
h3c_compatibility="disable",
interface_select_method="auto",
nas_ip="0.0.0.0",
password_encoding="auto",
password_renewal="enable",
radius_coa="disable",
radius_port=0,
rsso="disable",
rsso_context_timeout=0,
rsso_ep_one_ip_only="disable",
rsso_log_flags=[],
rsso_log_period=0,
rsso_radius_server_port=0,
rsso_secrets=[],
secondary_secrets=["tesssssss"],
secrets=["tesssssss"],
server="2.2.2.2",
sso_attribute_value_override="enable",
switch_controller_acct_fast_framedip_detect=2,
switch_controller_service_types=[],
tertiary_secrets=["tesssssss"],
timeout=5,
use_management_vdom="disable",
username_case_sensitive="disable")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/fortimanager/fortimanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := fortimanager.NewObjectUserRadius(ctx, "labelname", &fortimanager.ObjectUserRadiusArgs{
AcctAllServers: pulumi.String("disable"),
AcctInterimInterval: pulumi.Float64(0),
AllUsergroup: pulumi.String("disable"),
AuthType: pulumi.String("auto"),
Classes: pulumi.StringArray{},
H3cCompatibility: pulumi.String("disable"),
InterfaceSelectMethod: pulumi.String("auto"),
NasIp: pulumi.String("0.0.0.0"),
PasswordEncoding: pulumi.String("auto"),
PasswordRenewal: pulumi.String("enable"),
RadiusCoa: pulumi.String("disable"),
RadiusPort: pulumi.Float64(0),
Rsso: pulumi.String("disable"),
RssoContextTimeout: pulumi.Float64(0),
RssoEpOneIpOnly: pulumi.String("disable"),
RssoLogFlags: pulumi.StringArray{},
RssoLogPeriod: pulumi.Float64(0),
RssoRadiusServerPort: pulumi.Float64(0),
RssoSecrets: pulumi.StringArray{},
SecondarySecrets: pulumi.StringArray{
pulumi.String("tesssssss"),
},
Secrets: pulumi.StringArray{
pulumi.String("tesssssss"),
},
Server: pulumi.String("2.2.2.2"),
SsoAttributeValueOverride: pulumi.String("enable"),
SwitchControllerAcctFastFramedipDetect: pulumi.Float64(2),
SwitchControllerServiceTypes: pulumi.StringArray{},
TertiarySecrets: pulumi.StringArray{
pulumi.String("tesssssss"),
},
Timeout: pulumi.Float64(5),
UseManagementVdom: pulumi.String("disable"),
UsernameCaseSensitive: pulumi.String("disable"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortimanager = Pulumi.Fortimanager;
return await Deployment.RunAsync(() =>
{
var labelname = new Fortimanager.ObjectUserRadius("labelname", new()
{
AcctAllServers = "disable",
AcctInterimInterval = 0,
AllUsergroup = "disable",
AuthType = "auto",
Classes = new[] {},
H3cCompatibility = "disable",
InterfaceSelectMethod = "auto",
NasIp = "0.0.0.0",
PasswordEncoding = "auto",
PasswordRenewal = "enable",
RadiusCoa = "disable",
RadiusPort = 0,
Rsso = "disable",
RssoContextTimeout = 0,
RssoEpOneIpOnly = "disable",
RssoLogFlags = new[] {},
RssoLogPeriod = 0,
RssoRadiusServerPort = 0,
RssoSecrets = new[] {},
SecondarySecrets = new[]
{
"tesssssss",
},
Secrets = new[]
{
"tesssssss",
},
Server = "2.2.2.2",
SsoAttributeValueOverride = "enable",
SwitchControllerAcctFastFramedipDetect = 2,
SwitchControllerServiceTypes = new[] {},
TertiarySecrets = new[]
{
"tesssssss",
},
Timeout = 5,
UseManagementVdom = "disable",
UsernameCaseSensitive = "disable",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortimanager.ObjectUserRadius;
import com.pulumi.fortimanager.ObjectUserRadiusArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var labelname = new ObjectUserRadius("labelname", ObjectUserRadiusArgs.builder()
.acctAllServers("disable")
.acctInterimInterval(0)
.allUsergroup("disable")
.authType("auto")
.classes()
.h3cCompatibility("disable")
.interfaceSelectMethod("auto")
.nasIp("0.0.0.0")
.passwordEncoding("auto")
.passwordRenewal("enable")
.radiusCoa("disable")
.radiusPort(0)
.rsso("disable")
.rssoContextTimeout(0)
.rssoEpOneIpOnly("disable")
.rssoLogFlags()
.rssoLogPeriod(0)
.rssoRadiusServerPort(0)
.rssoSecrets()
.secondarySecrets("tesssssss")
.secrets("tesssssss")
.server("2.2.2.2")
.ssoAttributeValueOverride("enable")
.switchControllerAcctFastFramedipDetect(2)
.switchControllerServiceTypes()
.tertiarySecrets("tesssssss")
.timeout(5)
.useManagementVdom("disable")
.usernameCaseSensitive("disable")
.build());
}
}
resources:
labelname:
type: fortimanager:ObjectUserRadius
properties:
acctAllServers: disable
acctInterimInterval: 0
allUsergroup: disable
authType: auto
classes: []
h3cCompatibility: disable
interfaceSelectMethod: auto
nasIp: 0.0.0.0
passwordEncoding: auto
passwordRenewal: enable
radiusCoa: disable
radiusPort: 0
rsso: disable
rssoContextTimeout: 0
rssoEpOneIpOnly: disable
rssoLogFlags: []
rssoLogPeriod: 0
rssoRadiusServerPort: 0
rssoSecrets: []
secondarySecrets:
- tesssssss
secrets:
- tesssssss
server: 2.2.2.2
ssoAttributeValueOverride: enable
switchControllerAcctFastFramedipDetect: 2
switchControllerServiceTypes: []
tertiarySecrets:
- tesssssss
timeout: 5
useManagementVdom: disable
usernameCaseSensitive: disable
Create ObjectUserRadius Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ObjectUserRadius(name: string, args?: ObjectUserRadiusArgs, opts?: CustomResourceOptions);@overload
def ObjectUserRadius(resource_name: str,
args: Optional[ObjectUserRadiusArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def ObjectUserRadius(resource_name: str,
opts: Optional[ResourceOptions] = None,
account_key_cert_field: Optional[str] = None,
account_key_processing: Optional[str] = None,
accounting_servers: Optional[Sequence[ObjectUserRadiusAccountingServerArgs]] = None,
acct_all_servers: Optional[str] = None,
acct_interim_interval: Optional[float] = None,
adom: Optional[str] = None,
all_usergroup: Optional[str] = None,
auth_type: Optional[str] = None,
ca_cert: Optional[str] = None,
call_station_id_type: Optional[str] = None,
classes: Optional[Sequence[str]] = None,
client_cert: Optional[str] = None,
delimiter: Optional[str] = None,
dynamic_mappings: Optional[Sequence[ObjectUserRadiusDynamicMappingArgs]] = None,
dynamic_sort_subtable: Optional[str] = None,
group_override_attr_type: Optional[str] = None,
h3c_compatibility: Optional[str] = None,
interface: Optional[str] = None,
interface_select_method: Optional[str] = None,
mac_case: Optional[str] = None,
mac_password_delimiter: Optional[str] = None,
mac_username_delimiter: Optional[str] = None,
name: Optional[str] = None,
nas_id: Optional[str] = None,
nas_id_type: Optional[str] = None,
nas_ip: Optional[str] = None,
object_user_radius_id: Optional[str] = None,
password_encoding: Optional[str] = None,
password_renewal: Optional[str] = None,
radius_coa: Optional[str] = None,
radius_port: Optional[float] = None,
rsso: Optional[str] = None,
rsso_context_timeout: Optional[float] = None,
rsso_endpoint_attribute: Optional[str] = None,
rsso_endpoint_block_attribute: Optional[str] = None,
rsso_ep_one_ip_only: Optional[str] = None,
rsso_flush_ip_session: Optional[str] = None,
rsso_log_flags: Optional[Sequence[str]] = None,
rsso_log_period: Optional[float] = None,
rsso_radius_response: Optional[str] = None,
rsso_radius_server_port: Optional[float] = None,
rsso_secrets: Optional[Sequence[str]] = None,
rsso_validate_request_secret: Optional[str] = None,
scopetype: Optional[str] = None,
secondary_secrets: Optional[Sequence[str]] = None,
secondary_server: Optional[str] = None,
secrets: Optional[Sequence[str]] = None,
server: Optional[str] = None,
server_identity_check: Optional[str] = None,
source_ip: Optional[str] = None,
source_ip_interfaces: Optional[Sequence[str]] = None,
sso_attribute: Optional[str] = None,
sso_attribute_key: Optional[str] = None,
sso_attribute_value_override: Optional[str] = None,
status_ttl: Optional[float] = None,
switch_controller_acct_fast_framedip_detect: Optional[float] = None,
switch_controller_nas_ip_dynamic: Optional[str] = None,
switch_controller_service_types: Optional[Sequence[str]] = None,
tertiary_secrets: Optional[Sequence[str]] = None,
tertiary_server: Optional[str] = None,
timeout: Optional[float] = None,
tls_min_proto_version: Optional[str] = None,
transport_protocol: Optional[str] = None,
use_management_vdom: Optional[str] = None,
username_case_sensitive: Optional[str] = None)func NewObjectUserRadius(ctx *Context, name string, args *ObjectUserRadiusArgs, opts ...ResourceOption) (*ObjectUserRadius, error)public ObjectUserRadius(string name, ObjectUserRadiusArgs? args = null, CustomResourceOptions? opts = null)
public ObjectUserRadius(String name, ObjectUserRadiusArgs args)
public ObjectUserRadius(String name, ObjectUserRadiusArgs args, CustomResourceOptions options)
type: fortimanager:ObjectUserRadius
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ObjectUserRadiusArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ObjectUserRadiusArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ObjectUserRadiusArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ObjectUserRadiusArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ObjectUserRadiusArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var objectUserRadiusResource = new Fortimanager.ObjectUserRadius("objectUserRadiusResource", new()
{
AccountKeyCertField = "string",
AccountKeyProcessing = "string",
AccountingServers = new[]
{
new Fortimanager.Inputs.ObjectUserRadiusAccountingServerArgs
{
Id = 0,
Interface = "string",
InterfaceSelectMethod = "string",
Port = 0,
Secrets = new[]
{
"string",
},
Server = "string",
SourceIp = "string",
Status = "string",
},
},
AcctAllServers = "string",
AcctInterimInterval = 0,
Adom = "string",
AllUsergroup = "string",
AuthType = "string",
CaCert = "string",
CallStationIdType = "string",
Classes = new[]
{
"string",
},
ClientCert = "string",
Delimiter = "string",
DynamicMappings = new[]
{
new Fortimanager.Inputs.ObjectUserRadiusDynamicMappingArgs
{
_scopes = new[]
{
new Fortimanager.Inputs.ObjectUserRadiusDynamicMapping_ScopeArgs
{
Name = "string",
Vdom = "string",
},
},
AccountKeyCertField = "string",
AccountKeyProcessing = "string",
AccountingServers = new[]
{
new Fortimanager.Inputs.ObjectUserRadiusDynamicMappingAccountingServerArgs
{
Id = 0,
Interface = "string",
InterfaceSelectMethod = "string",
Port = 0,
Secrets = new[]
{
"string",
},
Server = "string",
SourceIp = "string",
Status = "string",
},
},
AcctAllServers = "string",
AcctInterimInterval = 0,
AllUsergroup = "string",
AuthType = "string",
CaCert = "string",
CallStationIdType = "string",
Classes = new[]
{
"string",
},
ClientCert = "string",
Delimiter = "string",
DpCarrierEndpointAttribute = "string",
DpCarrierEndpointBlockAttribute = "string",
DpContextTimeout = 0,
DpFlushIpSession = "string",
DpHoldTime = 0,
DpHttpHeader = "string",
DpHttpHeaderFallback = "string",
DpHttpHeaderStatus = "string",
DpHttpHeaderSuppress = "string",
DpLogDynFlags = new[]
{
"string",
},
DpLogPeriod = 0,
DpMemPercent = 0,
DpProfileAttribute = "string",
DpProfileAttributeKey = "string",
DpRadiusResponse = "string",
DpRadiusServerPort = 0,
DpSecrets = new[]
{
"string",
},
DpValidateRequestSecret = "string",
DynamicProfile = "string",
EndpointTranslation = "string",
EpCarrierEndpointConvertHex = "string",
EpCarrierEndpointHeader = "string",
EpCarrierEndpointHeaderSuppress = "string",
EpCarrierEndpointPrefix = "string",
EpCarrierEndpointPrefixRangeMax = 0,
EpCarrierEndpointPrefixRangeMin = 0,
EpCarrierEndpointPrefixString = "string",
EpCarrierEndpointSource = "string",
EpIpHeader = "string",
EpIpHeaderSuppress = "string",
EpMissingHeaderFallback = "string",
EpProfileQueryType = "string",
GroupOverrideAttrType = "string",
H3cCompatibility = "string",
Interface = "string",
InterfaceSelectMethod = "string",
MacCase = "string",
MacPasswordDelimiter = "string",
MacUsernameDelimiter = "string",
NasId = "string",
NasIdType = "string",
NasIp = "string",
PasswordEncoding = "string",
PasswordRenewal = "string",
RadiusCoa = "string",
RadiusPort = 0,
Rsso = "string",
RssoContextTimeout = 0,
RssoEndpointAttribute = "string",
RssoEndpointBlockAttribute = "string",
RssoEpOneIpOnly = "string",
RssoFlushIpSession = "string",
RssoLogFlags = new[]
{
"string",
},
RssoLogPeriod = 0,
RssoRadiusResponse = "string",
RssoRadiusServerPort = 0,
RssoSecrets = new[]
{
"string",
},
RssoValidateRequestSecret = "string",
SecondarySecrets = new[]
{
"string",
},
SecondaryServer = "string",
Secrets = new[]
{
"string",
},
Server = "string",
ServerIdentityCheck = "string",
SourceIp = "string",
SourceIpInterfaces = new[]
{
"string",
},
SsoAttribute = "string",
SsoAttributeKey = "string",
SsoAttributeValueOverride = "string",
StatusTtl = 0,
SwitchControllerAcctFastFramedipDetect = 0,
SwitchControllerNasIpDynamic = "string",
SwitchControllerServiceTypes = new[]
{
"string",
},
TertiarySecrets = new[]
{
"string",
},
TertiaryServer = "string",
Timeout = 0,
TlsMinProtoVersion = "string",
TransportProtocol = "string",
UseGroupForProfile = "string",
UseManagementVdom = "string",
UsernameCaseSensitive = "string",
},
},
DynamicSortSubtable = "string",
GroupOverrideAttrType = "string",
H3cCompatibility = "string",
Interface = "string",
InterfaceSelectMethod = "string",
MacCase = "string",
MacPasswordDelimiter = "string",
MacUsernameDelimiter = "string",
Name = "string",
NasId = "string",
NasIdType = "string",
NasIp = "string",
ObjectUserRadiusId = "string",
PasswordEncoding = "string",
PasswordRenewal = "string",
RadiusCoa = "string",
RadiusPort = 0,
Rsso = "string",
RssoContextTimeout = 0,
RssoEndpointAttribute = "string",
RssoEndpointBlockAttribute = "string",
RssoEpOneIpOnly = "string",
RssoFlushIpSession = "string",
RssoLogFlags = new[]
{
"string",
},
RssoLogPeriod = 0,
RssoRadiusResponse = "string",
RssoRadiusServerPort = 0,
RssoSecrets = new[]
{
"string",
},
RssoValidateRequestSecret = "string",
Scopetype = "string",
SecondarySecrets = new[]
{
"string",
},
SecondaryServer = "string",
Secrets = new[]
{
"string",
},
Server = "string",
ServerIdentityCheck = "string",
SourceIp = "string",
SourceIpInterfaces = new[]
{
"string",
},
SsoAttribute = "string",
SsoAttributeKey = "string",
SsoAttributeValueOverride = "string",
StatusTtl = 0,
SwitchControllerAcctFastFramedipDetect = 0,
SwitchControllerNasIpDynamic = "string",
SwitchControllerServiceTypes = new[]
{
"string",
},
TertiarySecrets = new[]
{
"string",
},
TertiaryServer = "string",
Timeout = 0,
TlsMinProtoVersion = "string",
TransportProtocol = "string",
UseManagementVdom = "string",
UsernameCaseSensitive = "string",
});
example, err := fortimanager.NewObjectUserRadius(ctx, "objectUserRadiusResource", &fortimanager.ObjectUserRadiusArgs{
AccountKeyCertField: pulumi.String("string"),
AccountKeyProcessing: pulumi.String("string"),
AccountingServers: .ObjectUserRadiusAccountingServerTypeArray{
&.ObjectUserRadiusAccountingServerTypeArgs{
Id: pulumi.Float64(0),
Interface: pulumi.String("string"),
InterfaceSelectMethod: pulumi.String("string"),
Port: pulumi.Float64(0),
Secrets: pulumi.StringArray{
pulumi.String("string"),
},
Server: pulumi.String("string"),
SourceIp: pulumi.String("string"),
Status: pulumi.String("string"),
},
},
AcctAllServers: pulumi.String("string"),
AcctInterimInterval: pulumi.Float64(0),
Adom: pulumi.String("string"),
AllUsergroup: pulumi.String("string"),
AuthType: pulumi.String("string"),
CaCert: pulumi.String("string"),
CallStationIdType: pulumi.String("string"),
Classes: pulumi.StringArray{
pulumi.String("string"),
},
ClientCert: pulumi.String("string"),
Delimiter: pulumi.String("string"),
DynamicMappings: .ObjectUserRadiusDynamicMappingTypeArray{
&.ObjectUserRadiusDynamicMappingTypeArgs{
_scopes: .ObjectUserRadiusDynamicMapping_ScopeArray{
&.ObjectUserRadiusDynamicMapping_ScopeArgs{
Name: pulumi.String("string"),
Vdom: pulumi.String("string"),
},
},
AccountKeyCertField: pulumi.String("string"),
AccountKeyProcessing: pulumi.String("string"),
AccountingServers: .ObjectUserRadiusDynamicMappingAccountingServerTypeArray{
&.ObjectUserRadiusDynamicMappingAccountingServerTypeArgs{
Id: pulumi.Float64(0),
Interface: pulumi.String("string"),
InterfaceSelectMethod: pulumi.String("string"),
Port: pulumi.Float64(0),
Secrets: pulumi.StringArray{
pulumi.String("string"),
},
Server: pulumi.String("string"),
SourceIp: pulumi.String("string"),
Status: pulumi.String("string"),
},
},
AcctAllServers: pulumi.String("string"),
AcctInterimInterval: pulumi.Float64(0),
AllUsergroup: pulumi.String("string"),
AuthType: pulumi.String("string"),
CaCert: pulumi.String("string"),
CallStationIdType: pulumi.String("string"),
Classes: pulumi.StringArray{
pulumi.String("string"),
},
ClientCert: pulumi.String("string"),
Delimiter: pulumi.String("string"),
DpCarrierEndpointAttribute: pulumi.String("string"),
DpCarrierEndpointBlockAttribute: pulumi.String("string"),
DpContextTimeout: pulumi.Float64(0),
DpFlushIpSession: pulumi.String("string"),
DpHoldTime: pulumi.Float64(0),
DpHttpHeader: pulumi.String("string"),
DpHttpHeaderFallback: pulumi.String("string"),
DpHttpHeaderStatus: pulumi.String("string"),
DpHttpHeaderSuppress: pulumi.String("string"),
DpLogDynFlags: pulumi.StringArray{
pulumi.String("string"),
},
DpLogPeriod: pulumi.Float64(0),
DpMemPercent: pulumi.Float64(0),
DpProfileAttribute: pulumi.String("string"),
DpProfileAttributeKey: pulumi.String("string"),
DpRadiusResponse: pulumi.String("string"),
DpRadiusServerPort: pulumi.Float64(0),
DpSecrets: pulumi.StringArray{
pulumi.String("string"),
},
DpValidateRequestSecret: pulumi.String("string"),
DynamicProfile: pulumi.String("string"),
EndpointTranslation: pulumi.String("string"),
EpCarrierEndpointConvertHex: pulumi.String("string"),
EpCarrierEndpointHeader: pulumi.String("string"),
EpCarrierEndpointHeaderSuppress: pulumi.String("string"),
EpCarrierEndpointPrefix: pulumi.String("string"),
EpCarrierEndpointPrefixRangeMax: pulumi.Float64(0),
EpCarrierEndpointPrefixRangeMin: pulumi.Float64(0),
EpCarrierEndpointPrefixString: pulumi.String("string"),
EpCarrierEndpointSource: pulumi.String("string"),
EpIpHeader: pulumi.String("string"),
EpIpHeaderSuppress: pulumi.String("string"),
EpMissingHeaderFallback: pulumi.String("string"),
EpProfileQueryType: pulumi.String("string"),
GroupOverrideAttrType: pulumi.String("string"),
H3cCompatibility: pulumi.String("string"),
Interface: pulumi.String("string"),
InterfaceSelectMethod: pulumi.String("string"),
MacCase: pulumi.String("string"),
MacPasswordDelimiter: pulumi.String("string"),
MacUsernameDelimiter: pulumi.String("string"),
NasId: pulumi.String("string"),
NasIdType: pulumi.String("string"),
NasIp: pulumi.String("string"),
PasswordEncoding: pulumi.String("string"),
PasswordRenewal: pulumi.String("string"),
RadiusCoa: pulumi.String("string"),
RadiusPort: pulumi.Float64(0),
Rsso: pulumi.String("string"),
RssoContextTimeout: pulumi.Float64(0),
RssoEndpointAttribute: pulumi.String("string"),
RssoEndpointBlockAttribute: pulumi.String("string"),
RssoEpOneIpOnly: pulumi.String("string"),
RssoFlushIpSession: pulumi.String("string"),
RssoLogFlags: pulumi.StringArray{
pulumi.String("string"),
},
RssoLogPeriod: pulumi.Float64(0),
RssoRadiusResponse: pulumi.String("string"),
RssoRadiusServerPort: pulumi.Float64(0),
RssoSecrets: pulumi.StringArray{
pulumi.String("string"),
},
RssoValidateRequestSecret: pulumi.String("string"),
SecondarySecrets: pulumi.StringArray{
pulumi.String("string"),
},
SecondaryServer: pulumi.String("string"),
Secrets: pulumi.StringArray{
pulumi.String("string"),
},
Server: pulumi.String("string"),
ServerIdentityCheck: pulumi.String("string"),
SourceIp: pulumi.String("string"),
SourceIpInterfaces: pulumi.StringArray{
pulumi.String("string"),
},
SsoAttribute: pulumi.String("string"),
SsoAttributeKey: pulumi.String("string"),
SsoAttributeValueOverride: pulumi.String("string"),
StatusTtl: pulumi.Float64(0),
SwitchControllerAcctFastFramedipDetect: pulumi.Float64(0),
SwitchControllerNasIpDynamic: pulumi.String("string"),
SwitchControllerServiceTypes: pulumi.StringArray{
pulumi.String("string"),
},
TertiarySecrets: pulumi.StringArray{
pulumi.String("string"),
},
TertiaryServer: pulumi.String("string"),
Timeout: pulumi.Float64(0),
TlsMinProtoVersion: pulumi.String("string"),
TransportProtocol: pulumi.String("string"),
UseGroupForProfile: pulumi.String("string"),
UseManagementVdom: pulumi.String("string"),
UsernameCaseSensitive: pulumi.String("string"),
},
},
DynamicSortSubtable: pulumi.String("string"),
GroupOverrideAttrType: pulumi.String("string"),
H3cCompatibility: pulumi.String("string"),
Interface: pulumi.String("string"),
InterfaceSelectMethod: pulumi.String("string"),
MacCase: pulumi.String("string"),
MacPasswordDelimiter: pulumi.String("string"),
MacUsernameDelimiter: pulumi.String("string"),
Name: pulumi.String("string"),
NasId: pulumi.String("string"),
NasIdType: pulumi.String("string"),
NasIp: pulumi.String("string"),
ObjectUserRadiusId: pulumi.String("string"),
PasswordEncoding: pulumi.String("string"),
PasswordRenewal: pulumi.String("string"),
RadiusCoa: pulumi.String("string"),
RadiusPort: pulumi.Float64(0),
Rsso: pulumi.String("string"),
RssoContextTimeout: pulumi.Float64(0),
RssoEndpointAttribute: pulumi.String("string"),
RssoEndpointBlockAttribute: pulumi.String("string"),
RssoEpOneIpOnly: pulumi.String("string"),
RssoFlushIpSession: pulumi.String("string"),
RssoLogFlags: pulumi.StringArray{
pulumi.String("string"),
},
RssoLogPeriod: pulumi.Float64(0),
RssoRadiusResponse: pulumi.String("string"),
RssoRadiusServerPort: pulumi.Float64(0),
RssoSecrets: pulumi.StringArray{
pulumi.String("string"),
},
RssoValidateRequestSecret: pulumi.String("string"),
Scopetype: pulumi.String("string"),
SecondarySecrets: pulumi.StringArray{
pulumi.String("string"),
},
SecondaryServer: pulumi.String("string"),
Secrets: pulumi.StringArray{
pulumi.String("string"),
},
Server: pulumi.String("string"),
ServerIdentityCheck: pulumi.String("string"),
SourceIp: pulumi.String("string"),
SourceIpInterfaces: pulumi.StringArray{
pulumi.String("string"),
},
SsoAttribute: pulumi.String("string"),
SsoAttributeKey: pulumi.String("string"),
SsoAttributeValueOverride: pulumi.String("string"),
StatusTtl: pulumi.Float64(0),
SwitchControllerAcctFastFramedipDetect: pulumi.Float64(0),
SwitchControllerNasIpDynamic: pulumi.String("string"),
SwitchControllerServiceTypes: pulumi.StringArray{
pulumi.String("string"),
},
TertiarySecrets: pulumi.StringArray{
pulumi.String("string"),
},
TertiaryServer: pulumi.String("string"),
Timeout: pulumi.Float64(0),
TlsMinProtoVersion: pulumi.String("string"),
TransportProtocol: pulumi.String("string"),
UseManagementVdom: pulumi.String("string"),
UsernameCaseSensitive: pulumi.String("string"),
})
var objectUserRadiusResource = new ObjectUserRadius("objectUserRadiusResource", ObjectUserRadiusArgs.builder()
.accountKeyCertField("string")
.accountKeyProcessing("string")
.accountingServers(ObjectUserRadiusAccountingServerArgs.builder()
.id(0)
.interface_("string")
.interfaceSelectMethod("string")
.port(0)
.secrets("string")
.server("string")
.sourceIp("string")
.status("string")
.build())
.acctAllServers("string")
.acctInterimInterval(0)
.adom("string")
.allUsergroup("string")
.authType("string")
.caCert("string")
.callStationIdType("string")
.classes("string")
.clientCert("string")
.delimiter("string")
.dynamicMappings(ObjectUserRadiusDynamicMappingArgs.builder()
._scopes(ObjectUserRadiusDynamicMapping_ScopeArgs.builder()
.name("string")
.vdom("string")
.build())
.accountKeyCertField("string")
.accountKeyProcessing("string")
.accountingServers(ObjectUserRadiusDynamicMappingAccountingServerArgs.builder()
.id(0)
.interface_("string")
.interfaceSelectMethod("string")
.port(0)
.secrets("string")
.server("string")
.sourceIp("string")
.status("string")
.build())
.acctAllServers("string")
.acctInterimInterval(0)
.allUsergroup("string")
.authType("string")
.caCert("string")
.callStationIdType("string")
.classes("string")
.clientCert("string")
.delimiter("string")
.dpCarrierEndpointAttribute("string")
.dpCarrierEndpointBlockAttribute("string")
.dpContextTimeout(0)
.dpFlushIpSession("string")
.dpHoldTime(0)
.dpHttpHeader("string")
.dpHttpHeaderFallback("string")
.dpHttpHeaderStatus("string")
.dpHttpHeaderSuppress("string")
.dpLogDynFlags("string")
.dpLogPeriod(0)
.dpMemPercent(0)
.dpProfileAttribute("string")
.dpProfileAttributeKey("string")
.dpRadiusResponse("string")
.dpRadiusServerPort(0)
.dpSecrets("string")
.dpValidateRequestSecret("string")
.dynamicProfile("string")
.endpointTranslation("string")
.epCarrierEndpointConvertHex("string")
.epCarrierEndpointHeader("string")
.epCarrierEndpointHeaderSuppress("string")
.epCarrierEndpointPrefix("string")
.epCarrierEndpointPrefixRangeMax(0)
.epCarrierEndpointPrefixRangeMin(0)
.epCarrierEndpointPrefixString("string")
.epCarrierEndpointSource("string")
.epIpHeader("string")
.epIpHeaderSuppress("string")
.epMissingHeaderFallback("string")
.epProfileQueryType("string")
.groupOverrideAttrType("string")
.h3cCompatibility("string")
.interface_("string")
.interfaceSelectMethod("string")
.macCase("string")
.macPasswordDelimiter("string")
.macUsernameDelimiter("string")
.nasId("string")
.nasIdType("string")
.nasIp("string")
.passwordEncoding("string")
.passwordRenewal("string")
.radiusCoa("string")
.radiusPort(0)
.rsso("string")
.rssoContextTimeout(0)
.rssoEndpointAttribute("string")
.rssoEndpointBlockAttribute("string")
.rssoEpOneIpOnly("string")
.rssoFlushIpSession("string")
.rssoLogFlags("string")
.rssoLogPeriod(0)
.rssoRadiusResponse("string")
.rssoRadiusServerPort(0)
.rssoSecrets("string")
.rssoValidateRequestSecret("string")
.secondarySecrets("string")
.secondaryServer("string")
.secrets("string")
.server("string")
.serverIdentityCheck("string")
.sourceIp("string")
.sourceIpInterfaces("string")
.ssoAttribute("string")
.ssoAttributeKey("string")
.ssoAttributeValueOverride("string")
.statusTtl(0)
.switchControllerAcctFastFramedipDetect(0)
.switchControllerNasIpDynamic("string")
.switchControllerServiceTypes("string")
.tertiarySecrets("string")
.tertiaryServer("string")
.timeout(0)
.tlsMinProtoVersion("string")
.transportProtocol("string")
.useGroupForProfile("string")
.useManagementVdom("string")
.usernameCaseSensitive("string")
.build())
.dynamicSortSubtable("string")
.groupOverrideAttrType("string")
.h3cCompatibility("string")
.interface_("string")
.interfaceSelectMethod("string")
.macCase("string")
.macPasswordDelimiter("string")
.macUsernameDelimiter("string")
.name("string")
.nasId("string")
.nasIdType("string")
.nasIp("string")
.objectUserRadiusId("string")
.passwordEncoding("string")
.passwordRenewal("string")
.radiusCoa("string")
.radiusPort(0)
.rsso("string")
.rssoContextTimeout(0)
.rssoEndpointAttribute("string")
.rssoEndpointBlockAttribute("string")
.rssoEpOneIpOnly("string")
.rssoFlushIpSession("string")
.rssoLogFlags("string")
.rssoLogPeriod(0)
.rssoRadiusResponse("string")
.rssoRadiusServerPort(0)
.rssoSecrets("string")
.rssoValidateRequestSecret("string")
.scopetype("string")
.secondarySecrets("string")
.secondaryServer("string")
.secrets("string")
.server("string")
.serverIdentityCheck("string")
.sourceIp("string")
.sourceIpInterfaces("string")
.ssoAttribute("string")
.ssoAttributeKey("string")
.ssoAttributeValueOverride("string")
.statusTtl(0)
.switchControllerAcctFastFramedipDetect(0)
.switchControllerNasIpDynamic("string")
.switchControllerServiceTypes("string")
.tertiarySecrets("string")
.tertiaryServer("string")
.timeout(0)
.tlsMinProtoVersion("string")
.transportProtocol("string")
.useManagementVdom("string")
.usernameCaseSensitive("string")
.build());
object_user_radius_resource = fortimanager.ObjectUserRadius("objectUserRadiusResource",
account_key_cert_field="string",
account_key_processing="string",
accounting_servers=[{
"id": 0,
"interface": "string",
"interface_select_method": "string",
"port": 0,
"secrets": ["string"],
"server": "string",
"source_ip": "string",
"status": "string",
}],
acct_all_servers="string",
acct_interim_interval=0,
adom="string",
all_usergroup="string",
auth_type="string",
ca_cert="string",
call_station_id_type="string",
classes=["string"],
client_cert="string",
delimiter="string",
dynamic_mappings=[{
"_scopes": [{
"name": "string",
"vdom": "string",
}],
"account_key_cert_field": "string",
"account_key_processing": "string",
"accounting_servers": [{
"id": 0,
"interface": "string",
"interface_select_method": "string",
"port": 0,
"secrets": ["string"],
"server": "string",
"source_ip": "string",
"status": "string",
}],
"acct_all_servers": "string",
"acct_interim_interval": 0,
"all_usergroup": "string",
"auth_type": "string",
"ca_cert": "string",
"call_station_id_type": "string",
"classes": ["string"],
"client_cert": "string",
"delimiter": "string",
"dp_carrier_endpoint_attribute": "string",
"dp_carrier_endpoint_block_attribute": "string",
"dp_context_timeout": 0,
"dp_flush_ip_session": "string",
"dp_hold_time": 0,
"dp_http_header": "string",
"dp_http_header_fallback": "string",
"dp_http_header_status": "string",
"dp_http_header_suppress": "string",
"dp_log_dyn_flags": ["string"],
"dp_log_period": 0,
"dp_mem_percent": 0,
"dp_profile_attribute": "string",
"dp_profile_attribute_key": "string",
"dp_radius_response": "string",
"dp_radius_server_port": 0,
"dp_secrets": ["string"],
"dp_validate_request_secret": "string",
"dynamic_profile": "string",
"endpoint_translation": "string",
"ep_carrier_endpoint_convert_hex": "string",
"ep_carrier_endpoint_header": "string",
"ep_carrier_endpoint_header_suppress": "string",
"ep_carrier_endpoint_prefix": "string",
"ep_carrier_endpoint_prefix_range_max": 0,
"ep_carrier_endpoint_prefix_range_min": 0,
"ep_carrier_endpoint_prefix_string": "string",
"ep_carrier_endpoint_source": "string",
"ep_ip_header": "string",
"ep_ip_header_suppress": "string",
"ep_missing_header_fallback": "string",
"ep_profile_query_type": "string",
"group_override_attr_type": "string",
"h3c_compatibility": "string",
"interface": "string",
"interface_select_method": "string",
"mac_case": "string",
"mac_password_delimiter": "string",
"mac_username_delimiter": "string",
"nas_id": "string",
"nas_id_type": "string",
"nas_ip": "string",
"password_encoding": "string",
"password_renewal": "string",
"radius_coa": "string",
"radius_port": 0,
"rsso": "string",
"rsso_context_timeout": 0,
"rsso_endpoint_attribute": "string",
"rsso_endpoint_block_attribute": "string",
"rsso_ep_one_ip_only": "string",
"rsso_flush_ip_session": "string",
"rsso_log_flags": ["string"],
"rsso_log_period": 0,
"rsso_radius_response": "string",
"rsso_radius_server_port": 0,
"rsso_secrets": ["string"],
"rsso_validate_request_secret": "string",
"secondary_secrets": ["string"],
"secondary_server": "string",
"secrets": ["string"],
"server": "string",
"server_identity_check": "string",
"source_ip": "string",
"source_ip_interfaces": ["string"],
"sso_attribute": "string",
"sso_attribute_key": "string",
"sso_attribute_value_override": "string",
"status_ttl": 0,
"switch_controller_acct_fast_framedip_detect": 0,
"switch_controller_nas_ip_dynamic": "string",
"switch_controller_service_types": ["string"],
"tertiary_secrets": ["string"],
"tertiary_server": "string",
"timeout": 0,
"tls_min_proto_version": "string",
"transport_protocol": "string",
"use_group_for_profile": "string",
"use_management_vdom": "string",
"username_case_sensitive": "string",
}],
dynamic_sort_subtable="string",
group_override_attr_type="string",
h3c_compatibility="string",
interface="string",
interface_select_method="string",
mac_case="string",
mac_password_delimiter="string",
mac_username_delimiter="string",
name="string",
nas_id="string",
nas_id_type="string",
nas_ip="string",
object_user_radius_id="string",
password_encoding="string",
password_renewal="string",
radius_coa="string",
radius_port=0,
rsso="string",
rsso_context_timeout=0,
rsso_endpoint_attribute="string",
rsso_endpoint_block_attribute="string",
rsso_ep_one_ip_only="string",
rsso_flush_ip_session="string",
rsso_log_flags=["string"],
rsso_log_period=0,
rsso_radius_response="string",
rsso_radius_server_port=0,
rsso_secrets=["string"],
rsso_validate_request_secret="string",
scopetype="string",
secondary_secrets=["string"],
secondary_server="string",
secrets=["string"],
server="string",
server_identity_check="string",
source_ip="string",
source_ip_interfaces=["string"],
sso_attribute="string",
sso_attribute_key="string",
sso_attribute_value_override="string",
status_ttl=0,
switch_controller_acct_fast_framedip_detect=0,
switch_controller_nas_ip_dynamic="string",
switch_controller_service_types=["string"],
tertiary_secrets=["string"],
tertiary_server="string",
timeout=0,
tls_min_proto_version="string",
transport_protocol="string",
use_management_vdom="string",
username_case_sensitive="string")
const objectUserRadiusResource = new fortimanager.ObjectUserRadius("objectUserRadiusResource", {
accountKeyCertField: "string",
accountKeyProcessing: "string",
accountingServers: [{
id: 0,
"interface": "string",
interfaceSelectMethod: "string",
port: 0,
secrets: ["string"],
server: "string",
sourceIp: "string",
status: "string",
}],
acctAllServers: "string",
acctInterimInterval: 0,
adom: "string",
allUsergroup: "string",
authType: "string",
caCert: "string",
callStationIdType: "string",
classes: ["string"],
clientCert: "string",
delimiter: "string",
dynamicMappings: [{
_scopes: [{
name: "string",
vdom: "string",
}],
accountKeyCertField: "string",
accountKeyProcessing: "string",
accountingServers: [{
id: 0,
"interface": "string",
interfaceSelectMethod: "string",
port: 0,
secrets: ["string"],
server: "string",
sourceIp: "string",
status: "string",
}],
acctAllServers: "string",
acctInterimInterval: 0,
allUsergroup: "string",
authType: "string",
caCert: "string",
callStationIdType: "string",
classes: ["string"],
clientCert: "string",
delimiter: "string",
dpCarrierEndpointAttribute: "string",
dpCarrierEndpointBlockAttribute: "string",
dpContextTimeout: 0,
dpFlushIpSession: "string",
dpHoldTime: 0,
dpHttpHeader: "string",
dpHttpHeaderFallback: "string",
dpHttpHeaderStatus: "string",
dpHttpHeaderSuppress: "string",
dpLogDynFlags: ["string"],
dpLogPeriod: 0,
dpMemPercent: 0,
dpProfileAttribute: "string",
dpProfileAttributeKey: "string",
dpRadiusResponse: "string",
dpRadiusServerPort: 0,
dpSecrets: ["string"],
dpValidateRequestSecret: "string",
dynamicProfile: "string",
endpointTranslation: "string",
epCarrierEndpointConvertHex: "string",
epCarrierEndpointHeader: "string",
epCarrierEndpointHeaderSuppress: "string",
epCarrierEndpointPrefix: "string",
epCarrierEndpointPrefixRangeMax: 0,
epCarrierEndpointPrefixRangeMin: 0,
epCarrierEndpointPrefixString: "string",
epCarrierEndpointSource: "string",
epIpHeader: "string",
epIpHeaderSuppress: "string",
epMissingHeaderFallback: "string",
epProfileQueryType: "string",
groupOverrideAttrType: "string",
h3cCompatibility: "string",
"interface": "string",
interfaceSelectMethod: "string",
macCase: "string",
macPasswordDelimiter: "string",
macUsernameDelimiter: "string",
nasId: "string",
nasIdType: "string",
nasIp: "string",
passwordEncoding: "string",
passwordRenewal: "string",
radiusCoa: "string",
radiusPort: 0,
rsso: "string",
rssoContextTimeout: 0,
rssoEndpointAttribute: "string",
rssoEndpointBlockAttribute: "string",
rssoEpOneIpOnly: "string",
rssoFlushIpSession: "string",
rssoLogFlags: ["string"],
rssoLogPeriod: 0,
rssoRadiusResponse: "string",
rssoRadiusServerPort: 0,
rssoSecrets: ["string"],
rssoValidateRequestSecret: "string",
secondarySecrets: ["string"],
secondaryServer: "string",
secrets: ["string"],
server: "string",
serverIdentityCheck: "string",
sourceIp: "string",
sourceIpInterfaces: ["string"],
ssoAttribute: "string",
ssoAttributeKey: "string",
ssoAttributeValueOverride: "string",
statusTtl: 0,
switchControllerAcctFastFramedipDetect: 0,
switchControllerNasIpDynamic: "string",
switchControllerServiceTypes: ["string"],
tertiarySecrets: ["string"],
tertiaryServer: "string",
timeout: 0,
tlsMinProtoVersion: "string",
transportProtocol: "string",
useGroupForProfile: "string",
useManagementVdom: "string",
usernameCaseSensitive: "string",
}],
dynamicSortSubtable: "string",
groupOverrideAttrType: "string",
h3cCompatibility: "string",
"interface": "string",
interfaceSelectMethod: "string",
macCase: "string",
macPasswordDelimiter: "string",
macUsernameDelimiter: "string",
name: "string",
nasId: "string",
nasIdType: "string",
nasIp: "string",
objectUserRadiusId: "string",
passwordEncoding: "string",
passwordRenewal: "string",
radiusCoa: "string",
radiusPort: 0,
rsso: "string",
rssoContextTimeout: 0,
rssoEndpointAttribute: "string",
rssoEndpointBlockAttribute: "string",
rssoEpOneIpOnly: "string",
rssoFlushIpSession: "string",
rssoLogFlags: ["string"],
rssoLogPeriod: 0,
rssoRadiusResponse: "string",
rssoRadiusServerPort: 0,
rssoSecrets: ["string"],
rssoValidateRequestSecret: "string",
scopetype: "string",
secondarySecrets: ["string"],
secondaryServer: "string",
secrets: ["string"],
server: "string",
serverIdentityCheck: "string",
sourceIp: "string",
sourceIpInterfaces: ["string"],
ssoAttribute: "string",
ssoAttributeKey: "string",
ssoAttributeValueOverride: "string",
statusTtl: 0,
switchControllerAcctFastFramedipDetect: 0,
switchControllerNasIpDynamic: "string",
switchControllerServiceTypes: ["string"],
tertiarySecrets: ["string"],
tertiaryServer: "string",
timeout: 0,
tlsMinProtoVersion: "string",
transportProtocol: "string",
useManagementVdom: "string",
usernameCaseSensitive: "string",
});
type: fortimanager:ObjectUserRadius
properties:
accountKeyCertField: string
accountKeyProcessing: string
accountingServers:
- id: 0
interface: string
interfaceSelectMethod: string
port: 0
secrets:
- string
server: string
sourceIp: string
status: string
acctAllServers: string
acctInterimInterval: 0
adom: string
allUsergroup: string
authType: string
caCert: string
callStationIdType: string
classes:
- string
clientCert: string
delimiter: string
dynamicMappings:
- _scopes:
- name: string
vdom: string
accountKeyCertField: string
accountKeyProcessing: string
accountingServers:
- id: 0
interface: string
interfaceSelectMethod: string
port: 0
secrets:
- string
server: string
sourceIp: string
status: string
acctAllServers: string
acctInterimInterval: 0
allUsergroup: string
authType: string
caCert: string
callStationIdType: string
classes:
- string
clientCert: string
delimiter: string
dpCarrierEndpointAttribute: string
dpCarrierEndpointBlockAttribute: string
dpContextTimeout: 0
dpFlushIpSession: string
dpHoldTime: 0
dpHttpHeader: string
dpHttpHeaderFallback: string
dpHttpHeaderStatus: string
dpHttpHeaderSuppress: string
dpLogDynFlags:
- string
dpLogPeriod: 0
dpMemPercent: 0
dpProfileAttribute: string
dpProfileAttributeKey: string
dpRadiusResponse: string
dpRadiusServerPort: 0
dpSecrets:
- string
dpValidateRequestSecret: string
dynamicProfile: string
endpointTranslation: string
epCarrierEndpointConvertHex: string
epCarrierEndpointHeader: string
epCarrierEndpointHeaderSuppress: string
epCarrierEndpointPrefix: string
epCarrierEndpointPrefixRangeMax: 0
epCarrierEndpointPrefixRangeMin: 0
epCarrierEndpointPrefixString: string
epCarrierEndpointSource: string
epIpHeader: string
epIpHeaderSuppress: string
epMissingHeaderFallback: string
epProfileQueryType: string
groupOverrideAttrType: string
h3cCompatibility: string
interface: string
interfaceSelectMethod: string
macCase: string
macPasswordDelimiter: string
macUsernameDelimiter: string
nasId: string
nasIdType: string
nasIp: string
passwordEncoding: string
passwordRenewal: string
radiusCoa: string
radiusPort: 0
rsso: string
rssoContextTimeout: 0
rssoEndpointAttribute: string
rssoEndpointBlockAttribute: string
rssoEpOneIpOnly: string
rssoFlushIpSession: string
rssoLogFlags:
- string
rssoLogPeriod: 0
rssoRadiusResponse: string
rssoRadiusServerPort: 0
rssoSecrets:
- string
rssoValidateRequestSecret: string
secondarySecrets:
- string
secondaryServer: string
secrets:
- string
server: string
serverIdentityCheck: string
sourceIp: string
sourceIpInterfaces:
- string
ssoAttribute: string
ssoAttributeKey: string
ssoAttributeValueOverride: string
statusTtl: 0
switchControllerAcctFastFramedipDetect: 0
switchControllerNasIpDynamic: string
switchControllerServiceTypes:
- string
tertiarySecrets:
- string
tertiaryServer: string
timeout: 0
tlsMinProtoVersion: string
transportProtocol: string
useGroupForProfile: string
useManagementVdom: string
usernameCaseSensitive: string
dynamicSortSubtable: string
groupOverrideAttrType: string
h3cCompatibility: string
interface: string
interfaceSelectMethod: string
macCase: string
macPasswordDelimiter: string
macUsernameDelimiter: string
name: string
nasId: string
nasIdType: string
nasIp: string
objectUserRadiusId: string
passwordEncoding: string
passwordRenewal: string
radiusCoa: string
radiusPort: 0
rsso: string
rssoContextTimeout: 0
rssoEndpointAttribute: string
rssoEndpointBlockAttribute: string
rssoEpOneIpOnly: string
rssoFlushIpSession: string
rssoLogFlags:
- string
rssoLogPeriod: 0
rssoRadiusResponse: string
rssoRadiusServerPort: 0
rssoSecrets:
- string
rssoValidateRequestSecret: string
scopetype: string
secondarySecrets:
- string
secondaryServer: string
secrets:
- string
server: string
serverIdentityCheck: string
sourceIp: string
sourceIpInterfaces:
- string
ssoAttribute: string
ssoAttributeKey: string
ssoAttributeValueOverride: string
statusTtl: 0
switchControllerAcctFastFramedipDetect: 0
switchControllerNasIpDynamic: string
switchControllerServiceTypes:
- string
tertiarySecrets:
- string
tertiaryServer: string
timeout: 0
tlsMinProtoVersion: string
transportProtocol: string
useManagementVdom: string
usernameCaseSensitive: string
ObjectUserRadius Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ObjectUserRadius resource accepts the following input properties:
- Account
Key stringCert Field - Define subject identity field in certificate for user access right checking. Valid values:
othername,rfc822name,dnsname. - Account
Key stringProcessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same,strip. - Accounting
Servers List<ObjectUser Radius Accounting Server> - Accounting-Server. The structure of
accounting_serverblock is documented below. - Acct
All stringServers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
disable,enable. - Acct
Interim doubleInterval - Time in seconds between each accounting interim update message.
- Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - All
Usergroup string - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable,enable. - Auth
Type string - Authentication methods/protocols permitted for this RADIUS server. Valid values:
pap,chap,ms_chap,ms_chap_v2,auto. - Ca
Cert string - CA of server to trust under TLS.
- Call
Station stringId Type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy,IP,MAC. - Classes List<string>
- Class attribute name(s).
- Client
Cert string - Client certificate to use under TLS.
- Delimiter string
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values:
plus,comma. - Dynamic
Mappings List<ObjectUser Radius Dynamic Mapping> - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Group
Override stringAttr Type - RADIUS attribute type to override user group information. Valid values:
filter-Id,class. - H3c
Compatibility string - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
disable,enable. - Interface string
- Specify outgoing interface to reach server.
- Interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - Mac
Case string - MAC authentication case (default = lowercase). Valid values:
uppercase,lowercase. - Mac
Password stringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - Mac
Username stringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - Name string
- RADIUS server entry name.
- Nas
Id string - Custom NAS identifier.
- Nas
Id stringType - NAS identifier type configuration (default = legacy). Valid values:
legacy,custom,hostname. - Nas
Ip string - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- Object
User stringRadius Id - an identifier for the resource with format {{name}}.
- Password
Encoding string - Password encoding. Valid values:
ISO-8859-1,auto. - Password
Renewal string - Enable/disable password renewal. Valid values:
disable,enable. - Radius
Coa string - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
disable,enable. - Radius
Port double - RADIUS service port number.
- Rsso string
- Enable/disable RADIUS based single sign on feature. Valid values:
disable,enable. - Rsso
Context doubleTimeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- Rsso
Endpoint stringAttribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - Rsso
Endpoint stringBlock Attribute - RADIUS attributes used to block a user. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - Rsso
Ep stringOne Ip Only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
disable,enable. - Rsso
Flush stringIp Session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
disable,enable. - Rsso
Log List<string>Flags - Events to log. Valid values:
none,protocol-error,profile-missing,context-missing,accounting-stop-missed,accounting-event,radiusd-other,endpoint-block. - Rsso
Log doublePeriod - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- Rsso
Radius stringResponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
disable,enable. - Rsso
Radius doubleServer Port - UDP port to listen on for RADIUS Start and Stop records.
- Rsso
Secrets List<string> - RADIUS secret used by the RADIUS accounting server.
- Rsso
Validate stringRequest Secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
disable,enable. - Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Secondary
Secrets List<string> - Secret key to access the secondary server.
- Secondary
Server string - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- Secrets List<string>
- Pre-shared secret key used to access the primary RADIUS server.
- Server string
- Primary RADIUS server CN domain name or IP address.
- Server
Identity stringCheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
disable,enable. - Source
Ip string - Source IP address for communications to the RADIUS server.
- Source
Ip List<string>Interfaces - Source interface for communication with the RADIUS server.
- Sso
Attribute string - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - Sso
Attribute stringKey - Key prefix for SSO group value in the SSO attribute.
- Sso
Attribute stringValue Override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
disable,enable. - Status
Ttl double - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- Switch
Controller doubleAcct Fast Framedip Detect - Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- Switch
Controller stringNas Ip Dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
disable,enable. - Switch
Controller List<string>Service Types - RADIUS service type. Valid values:
login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative. - Tertiary
Secrets List<string> - Secret key to access the tertiary server.
- Tertiary
Server string - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- Timeout double
- Time in seconds between re-sending authentication requests.
- Tls
Min stringProto Version - Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values:
default,TLSv1,TLSv1-1,TLSv1-2,SSLv3. - Transport
Protocol string - Transport protocol to be used (default = udp). Valid values:
udp,tcp,tls. - Use
Management stringVdom - Enable/disable using management VDOM to send requests. Valid values:
disable,enable. - Username
Case stringSensitive - Enable/disable case sensitive user names. Valid values:
disable,enable.
- Account
Key stringCert Field - Define subject identity field in certificate for user access right checking. Valid values:
othername,rfc822name,dnsname. - Account
Key stringProcessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same,strip. - Accounting
Servers []ObjectUser Radius Accounting Server Type Args - Accounting-Server. The structure of
accounting_serverblock is documented below. - Acct
All stringServers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
disable,enable. - Acct
Interim float64Interval - Time in seconds between each accounting interim update message.
- Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - All
Usergroup string - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable,enable. - Auth
Type string - Authentication methods/protocols permitted for this RADIUS server. Valid values:
pap,chap,ms_chap,ms_chap_v2,auto. - Ca
Cert string - CA of server to trust under TLS.
- Call
Station stringId Type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy,IP,MAC. - Classes []string
- Class attribute name(s).
- Client
Cert string - Client certificate to use under TLS.
- Delimiter string
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values:
plus,comma. - Dynamic
Mappings []ObjectUser Radius Dynamic Mapping Type Args - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Group
Override stringAttr Type - RADIUS attribute type to override user group information. Valid values:
filter-Id,class. - H3c
Compatibility string - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
disable,enable. - Interface string
- Specify outgoing interface to reach server.
- Interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - Mac
Case string - MAC authentication case (default = lowercase). Valid values:
uppercase,lowercase. - Mac
Password stringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - Mac
Username stringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - Name string
- RADIUS server entry name.
- Nas
Id string - Custom NAS identifier.
- Nas
Id stringType - NAS identifier type configuration (default = legacy). Valid values:
legacy,custom,hostname. - Nas
Ip string - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- Object
User stringRadius Id - an identifier for the resource with format {{name}}.
- Password
Encoding string - Password encoding. Valid values:
ISO-8859-1,auto. - Password
Renewal string - Enable/disable password renewal. Valid values:
disable,enable. - Radius
Coa string - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
disable,enable. - Radius
Port float64 - RADIUS service port number.
- Rsso string
- Enable/disable RADIUS based single sign on feature. Valid values:
disable,enable. - Rsso
Context float64Timeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- Rsso
Endpoint stringAttribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - Rsso
Endpoint stringBlock Attribute - RADIUS attributes used to block a user. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - Rsso
Ep stringOne Ip Only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
disable,enable. - Rsso
Flush stringIp Session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
disable,enable. - Rsso
Log []stringFlags - Events to log. Valid values:
none,protocol-error,profile-missing,context-missing,accounting-stop-missed,accounting-event,radiusd-other,endpoint-block. - Rsso
Log float64Period - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- Rsso
Radius stringResponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
disable,enable. - Rsso
Radius float64Server Port - UDP port to listen on for RADIUS Start and Stop records.
- Rsso
Secrets []string - RADIUS secret used by the RADIUS accounting server.
- Rsso
Validate stringRequest Secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
disable,enable. - Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Secondary
Secrets []string - Secret key to access the secondary server.
- Secondary
Server string - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- Secrets []string
- Pre-shared secret key used to access the primary RADIUS server.
- Server string
- Primary RADIUS server CN domain name or IP address.
- Server
Identity stringCheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
disable,enable. - Source
Ip string - Source IP address for communications to the RADIUS server.
- Source
Ip []stringInterfaces - Source interface for communication with the RADIUS server.
- Sso
Attribute string - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - Sso
Attribute stringKey - Key prefix for SSO group value in the SSO attribute.
- Sso
Attribute stringValue Override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
disable,enable. - Status
Ttl float64 - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- Switch
Controller float64Acct Fast Framedip Detect - Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- Switch
Controller stringNas Ip Dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
disable,enable. - Switch
Controller []stringService Types - RADIUS service type. Valid values:
login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative. - Tertiary
Secrets []string - Secret key to access the tertiary server.
- Tertiary
Server string - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- Timeout float64
- Time in seconds between re-sending authentication requests.
- Tls
Min stringProto Version - Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values:
default,TLSv1,TLSv1-1,TLSv1-2,SSLv3. - Transport
Protocol string - Transport protocol to be used (default = udp). Valid values:
udp,tcp,tls. - Use
Management stringVdom - Enable/disable using management VDOM to send requests. Valid values:
disable,enable. - Username
Case stringSensitive - Enable/disable case sensitive user names. Valid values:
disable,enable.
- account
Key StringCert Field - Define subject identity field in certificate for user access right checking. Valid values:
othername,rfc822name,dnsname. - account
Key StringProcessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same,strip. - accounting
Servers List<ObjectUser Radius Accounting Server> - Accounting-Server. The structure of
accounting_serverblock is documented below. - acct
All StringServers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
disable,enable. - acct
Interim DoubleInterval - Time in seconds between each accounting interim update message.
- adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - all
Usergroup String - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable,enable. - auth
Type String - Authentication methods/protocols permitted for this RADIUS server. Valid values:
pap,chap,ms_chap,ms_chap_v2,auto. - ca
Cert String - CA of server to trust under TLS.
- call
Station StringId Type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy,IP,MAC. - classes List<String>
- Class attribute name(s).
- client
Cert String - Client certificate to use under TLS.
- delimiter String
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values:
plus,comma. - dynamic
Mappings List<ObjectUser Radius Dynamic Mapping> - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- group
Override StringAttr Type - RADIUS attribute type to override user group information. Valid values:
filter-Id,class. - h3c
Compatibility String - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
disable,enable. - interface
Select StringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - interface_ String
- Specify outgoing interface to reach server.
- mac
Case String - MAC authentication case (default = lowercase). Valid values:
uppercase,lowercase. - mac
Password StringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - mac
Username StringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - name String
- RADIUS server entry name.
- nas
Id String - Custom NAS identifier.
- nas
Id StringType - NAS identifier type configuration (default = legacy). Valid values:
legacy,custom,hostname. - nas
Ip String - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- object
User StringRadius Id - an identifier for the resource with format {{name}}.
- password
Encoding String - Password encoding. Valid values:
ISO-8859-1,auto. - password
Renewal String - Enable/disable password renewal. Valid values:
disable,enable. - radius
Coa String - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
disable,enable. - radius
Port Double - RADIUS service port number.
- rsso String
- Enable/disable RADIUS based single sign on feature. Valid values:
disable,enable. - rsso
Context DoubleTimeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rsso
Endpoint StringAttribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - rsso
Endpoint StringBlock Attribute - RADIUS attributes used to block a user. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - rsso
Ep StringOne Ip Only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
disable,enable. - rsso
Flush StringIp Session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
disable,enable. - rsso
Log List<String>Flags - Events to log. Valid values:
none,protocol-error,profile-missing,context-missing,accounting-stop-missed,accounting-event,radiusd-other,endpoint-block. - rsso
Log DoublePeriod - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rsso
Radius StringResponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
disable,enable. - rsso
Radius DoubleServer Port - UDP port to listen on for RADIUS Start and Stop records.
- rsso
Secrets List<String> - RADIUS secret used by the RADIUS accounting server.
- rsso
Validate StringRequest Secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
disable,enable. - scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - secondary
Secrets List<String> - Secret key to access the secondary server.
- secondary
Server String - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secrets List<String>
- Pre-shared secret key used to access the primary RADIUS server.
- server String
- Primary RADIUS server CN domain name or IP address.
- server
Identity StringCheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
disable,enable. - source
Ip String - Source IP address for communications to the RADIUS server.
- source
Ip List<String>Interfaces - Source interface for communication with the RADIUS server.
- sso
Attribute String - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - sso
Attribute StringKey - Key prefix for SSO group value in the SSO attribute.
- sso
Attribute StringValue Override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
disable,enable. - status
Ttl Double - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switch
Controller DoubleAcct Fast Framedip Detect - Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- switch
Controller StringNas Ip Dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
disable,enable. - switch
Controller List<String>Service Types - RADIUS service type. Valid values:
login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative. - tertiary
Secrets List<String> - Secret key to access the tertiary server.
- tertiary
Server String - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout Double
- Time in seconds between re-sending authentication requests.
- tls
Min StringProto Version - Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values:
default,TLSv1,TLSv1-1,TLSv1-2,SSLv3. - transport
Protocol String - Transport protocol to be used (default = udp). Valid values:
udp,tcp,tls. - use
Management StringVdom - Enable/disable using management VDOM to send requests. Valid values:
disable,enable. - username
Case StringSensitive - Enable/disable case sensitive user names. Valid values:
disable,enable.
- account
Key stringCert Field - Define subject identity field in certificate for user access right checking. Valid values:
othername,rfc822name,dnsname. - account
Key stringProcessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same,strip. - accounting
Servers ObjectUser Radius Accounting Server[] - Accounting-Server. The structure of
accounting_serverblock is documented below. - acct
All stringServers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
disable,enable. - acct
Interim numberInterval - Time in seconds between each accounting interim update message.
- adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - all
Usergroup string - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable,enable. - auth
Type string - Authentication methods/protocols permitted for this RADIUS server. Valid values:
pap,chap,ms_chap,ms_chap_v2,auto. - ca
Cert string - CA of server to trust under TLS.
- call
Station stringId Type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy,IP,MAC. - classes string[]
- Class attribute name(s).
- client
Cert string - Client certificate to use under TLS.
- delimiter string
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values:
plus,comma. - dynamic
Mappings ObjectUser Radius Dynamic Mapping[] - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- group
Override stringAttr Type - RADIUS attribute type to override user group information. Valid values:
filter-Id,class. - h3c
Compatibility string - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
disable,enable. - interface string
- Specify outgoing interface to reach server.
- interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - mac
Case string - MAC authentication case (default = lowercase). Valid values:
uppercase,lowercase. - mac
Password stringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - mac
Username stringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - name string
- RADIUS server entry name.
- nas
Id string - Custom NAS identifier.
- nas
Id stringType - NAS identifier type configuration (default = legacy). Valid values:
legacy,custom,hostname. - nas
Ip string - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- object
User stringRadius Id - an identifier for the resource with format {{name}}.
- password
Encoding string - Password encoding. Valid values:
ISO-8859-1,auto. - password
Renewal string - Enable/disable password renewal. Valid values:
disable,enable. - radius
Coa string - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
disable,enable. - radius
Port number - RADIUS service port number.
- rsso string
- Enable/disable RADIUS based single sign on feature. Valid values:
disable,enable. - rsso
Context numberTimeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rsso
Endpoint stringAttribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - rsso
Endpoint stringBlock Attribute - RADIUS attributes used to block a user. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - rsso
Ep stringOne Ip Only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
disable,enable. - rsso
Flush stringIp Session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
disable,enable. - rsso
Log string[]Flags - Events to log. Valid values:
none,protocol-error,profile-missing,context-missing,accounting-stop-missed,accounting-event,radiusd-other,endpoint-block. - rsso
Log numberPeriod - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rsso
Radius stringResponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
disable,enable. - rsso
Radius numberServer Port - UDP port to listen on for RADIUS Start and Stop records.
- rsso
Secrets string[] - RADIUS secret used by the RADIUS accounting server.
- rsso
Validate stringRequest Secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
disable,enable. - scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - secondary
Secrets string[] - Secret key to access the secondary server.
- secondary
Server string - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secrets string[]
- Pre-shared secret key used to access the primary RADIUS server.
- server string
- Primary RADIUS server CN domain name or IP address.
- server
Identity stringCheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
disable,enable. - source
Ip string - Source IP address for communications to the RADIUS server.
- source
Ip string[]Interfaces - Source interface for communication with the RADIUS server.
- sso
Attribute string - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - sso
Attribute stringKey - Key prefix for SSO group value in the SSO attribute.
- sso
Attribute stringValue Override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
disable,enable. - status
Ttl number - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switch
Controller numberAcct Fast Framedip Detect - Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- switch
Controller stringNas Ip Dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
disable,enable. - switch
Controller string[]Service Types - RADIUS service type. Valid values:
login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative. - tertiary
Secrets string[] - Secret key to access the tertiary server.
- tertiary
Server string - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout number
- Time in seconds between re-sending authentication requests.
- tls
Min stringProto Version - Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values:
default,TLSv1,TLSv1-1,TLSv1-2,SSLv3. - transport
Protocol string - Transport protocol to be used (default = udp). Valid values:
udp,tcp,tls. - use
Management stringVdom - Enable/disable using management VDOM to send requests. Valid values:
disable,enable. - username
Case stringSensitive - Enable/disable case sensitive user names. Valid values:
disable,enable.
- account_
key_ strcert_ field - Define subject identity field in certificate for user access right checking. Valid values:
othername,rfc822name,dnsname. - account_
key_ strprocessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same,strip. - accounting_
servers Sequence[ObjectUser Radius Accounting Server Args] - Accounting-Server. The structure of
accounting_serverblock is documented below. - acct_
all_ strservers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
disable,enable. - acct_
interim_ floatinterval - Time in seconds between each accounting interim update message.
- adom str
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - all_
usergroup str - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable,enable. - auth_
type str - Authentication methods/protocols permitted for this RADIUS server. Valid values:
pap,chap,ms_chap,ms_chap_v2,auto. - ca_
cert str - CA of server to trust under TLS.
- call_
station_ strid_ type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy,IP,MAC. - classes Sequence[str]
- Class attribute name(s).
- client_
cert str - Client certificate to use under TLS.
- delimiter str
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values:
plus,comma. - dynamic_
mappings Sequence[ObjectUser Radius Dynamic Mapping Args] - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - dynamic_
sort_ strsubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- group_
override_ strattr_ type - RADIUS attribute type to override user group information. Valid values:
filter-Id,class. - h3c_
compatibility str - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
disable,enable. - interface str
- Specify outgoing interface to reach server.
- interface_
select_ strmethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - mac_
case str - MAC authentication case (default = lowercase). Valid values:
uppercase,lowercase. - mac_
password_ strdelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - mac_
username_ strdelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - name str
- RADIUS server entry name.
- nas_
id str - Custom NAS identifier.
- nas_
id_ strtype - NAS identifier type configuration (default = legacy). Valid values:
legacy,custom,hostname. - nas_
ip str - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- object_
user_ strradius_ id - an identifier for the resource with format {{name}}.
- password_
encoding str - Password encoding. Valid values:
ISO-8859-1,auto. - password_
renewal str - Enable/disable password renewal. Valid values:
disable,enable. - radius_
coa str - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
disable,enable. - radius_
port float - RADIUS service port number.
- rsso str
- Enable/disable RADIUS based single sign on feature. Valid values:
disable,enable. - rsso_
context_ floattimeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rsso_
endpoint_ strattribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - rsso_
endpoint_ strblock_ attribute - RADIUS attributes used to block a user. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - rsso_
ep_ strone_ ip_ only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
disable,enable. - rsso_
flush_ strip_ session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
disable,enable. - rsso_
log_ Sequence[str]flags - Events to log. Valid values:
none,protocol-error,profile-missing,context-missing,accounting-stop-missed,accounting-event,radiusd-other,endpoint-block. - rsso_
log_ floatperiod - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rsso_
radius_ strresponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
disable,enable. - rsso_
radius_ floatserver_ port - UDP port to listen on for RADIUS Start and Stop records.
- rsso_
secrets Sequence[str] - RADIUS secret used by the RADIUS accounting server.
- rsso_
validate_ strrequest_ secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
disable,enable. - scopetype str
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - secondary_
secrets Sequence[str] - Secret key to access the secondary server.
- secondary_
server str - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secrets Sequence[str]
- Pre-shared secret key used to access the primary RADIUS server.
- server str
- Primary RADIUS server CN domain name or IP address.
- server_
identity_ strcheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
disable,enable. - source_
ip str - Source IP address for communications to the RADIUS server.
- source_
ip_ Sequence[str]interfaces - Source interface for communication with the RADIUS server.
- sso_
attribute str - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - sso_
attribute_ strkey - Key prefix for SSO group value in the SSO attribute.
- sso_
attribute_ strvalue_ override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
disable,enable. - status_
ttl float - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switch_
controller_ floatacct_ fast_ framedip_ detect - Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- switch_
controller_ strnas_ ip_ dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
disable,enable. - switch_
controller_ Sequence[str]service_ types - RADIUS service type. Valid values:
login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative. - tertiary_
secrets Sequence[str] - Secret key to access the tertiary server.
- tertiary_
server str - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout float
- Time in seconds between re-sending authentication requests.
- tls_
min_ strproto_ version - Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values:
default,TLSv1,TLSv1-1,TLSv1-2,SSLv3. - transport_
protocol str - Transport protocol to be used (default = udp). Valid values:
udp,tcp,tls. - use_
management_ strvdom - Enable/disable using management VDOM to send requests. Valid values:
disable,enable. - username_
case_ strsensitive - Enable/disable case sensitive user names. Valid values:
disable,enable.
- account
Key StringCert Field - Define subject identity field in certificate for user access right checking. Valid values:
othername,rfc822name,dnsname. - account
Key StringProcessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same,strip. - accounting
Servers List<Property Map> - Accounting-Server. The structure of
accounting_serverblock is documented below. - acct
All StringServers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
disable,enable. - acct
Interim NumberInterval - Time in seconds between each accounting interim update message.
- adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - all
Usergroup String - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable,enable. - auth
Type String - Authentication methods/protocols permitted for this RADIUS server. Valid values:
pap,chap,ms_chap,ms_chap_v2,auto. - ca
Cert String - CA of server to trust under TLS.
- call
Station StringId Type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy,IP,MAC. - classes List<String>
- Class attribute name(s).
- client
Cert String - Client certificate to use under TLS.
- delimiter String
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values:
plus,comma. - dynamic
Mappings List<Property Map> - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- group
Override StringAttr Type - RADIUS attribute type to override user group information. Valid values:
filter-Id,class. - h3c
Compatibility String - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
disable,enable. - interface String
- Specify outgoing interface to reach server.
- interface
Select StringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - mac
Case String - MAC authentication case (default = lowercase). Valid values:
uppercase,lowercase. - mac
Password StringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - mac
Username StringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - name String
- RADIUS server entry name.
- nas
Id String - Custom NAS identifier.
- nas
Id StringType - NAS identifier type configuration (default = legacy). Valid values:
legacy,custom,hostname. - nas
Ip String - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- object
User StringRadius Id - an identifier for the resource with format {{name}}.
- password
Encoding String - Password encoding. Valid values:
ISO-8859-1,auto. - password
Renewal String - Enable/disable password renewal. Valid values:
disable,enable. - radius
Coa String - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
disable,enable. - radius
Port Number - RADIUS service port number.
- rsso String
- Enable/disable RADIUS based single sign on feature. Valid values:
disable,enable. - rsso
Context NumberTimeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rsso
Endpoint StringAttribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - rsso
Endpoint StringBlock Attribute - RADIUS attributes used to block a user. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - rsso
Ep StringOne Ip Only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
disable,enable. - rsso
Flush StringIp Session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
disable,enable. - rsso
Log List<String>Flags - Events to log. Valid values:
none,protocol-error,profile-missing,context-missing,accounting-stop-missed,accounting-event,radiusd-other,endpoint-block. - rsso
Log NumberPeriod - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rsso
Radius StringResponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
disable,enable. - rsso
Radius NumberServer Port - UDP port to listen on for RADIUS Start and Stop records.
- rsso
Secrets List<String> - RADIUS secret used by the RADIUS accounting server.
- rsso
Validate StringRequest Secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
disable,enable. - scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - secondary
Secrets List<String> - Secret key to access the secondary server.
- secondary
Server String - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secrets List<String>
- Pre-shared secret key used to access the primary RADIUS server.
- server String
- Primary RADIUS server CN domain name or IP address.
- server
Identity StringCheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
disable,enable. - source
Ip String - Source IP address for communications to the RADIUS server.
- source
Ip List<String>Interfaces - Source interface for communication with the RADIUS server.
- sso
Attribute String - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - sso
Attribute StringKey - Key prefix for SSO group value in the SSO attribute.
- sso
Attribute StringValue Override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
disable,enable. - status
Ttl Number - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switch
Controller NumberAcct Fast Framedip Detect - Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- switch
Controller StringNas Ip Dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
disable,enable. - switch
Controller List<String>Service Types - RADIUS service type. Valid values:
login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative. - tertiary
Secrets List<String> - Secret key to access the tertiary server.
- tertiary
Server String - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout Number
- Time in seconds between re-sending authentication requests.
- tls
Min StringProto Version - Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values:
default,TLSv1,TLSv1-1,TLSv1-2,SSLv3. - transport
Protocol String - Transport protocol to be used (default = udp). Valid values:
udp,tcp,tls. - use
Management StringVdom - Enable/disable using management VDOM to send requests. Valid values:
disable,enable. - username
Case StringSensitive - Enable/disable case sensitive user names. Valid values:
disable,enable.
Outputs
All input properties are implicitly available as output properties. Additionally, the ObjectUserRadius resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ObjectUserRadius Resource
Get an existing ObjectUserRadius resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ObjectUserRadiusState, opts?: CustomResourceOptions): ObjectUserRadius@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_key_cert_field: Optional[str] = None,
account_key_processing: Optional[str] = None,
accounting_servers: Optional[Sequence[ObjectUserRadiusAccountingServerArgs]] = None,
acct_all_servers: Optional[str] = None,
acct_interim_interval: Optional[float] = None,
adom: Optional[str] = None,
all_usergroup: Optional[str] = None,
auth_type: Optional[str] = None,
ca_cert: Optional[str] = None,
call_station_id_type: Optional[str] = None,
classes: Optional[Sequence[str]] = None,
client_cert: Optional[str] = None,
delimiter: Optional[str] = None,
dynamic_mappings: Optional[Sequence[ObjectUserRadiusDynamicMappingArgs]] = None,
dynamic_sort_subtable: Optional[str] = None,
group_override_attr_type: Optional[str] = None,
h3c_compatibility: Optional[str] = None,
interface: Optional[str] = None,
interface_select_method: Optional[str] = None,
mac_case: Optional[str] = None,
mac_password_delimiter: Optional[str] = None,
mac_username_delimiter: Optional[str] = None,
name: Optional[str] = None,
nas_id: Optional[str] = None,
nas_id_type: Optional[str] = None,
nas_ip: Optional[str] = None,
object_user_radius_id: Optional[str] = None,
password_encoding: Optional[str] = None,
password_renewal: Optional[str] = None,
radius_coa: Optional[str] = None,
radius_port: Optional[float] = None,
rsso: Optional[str] = None,
rsso_context_timeout: Optional[float] = None,
rsso_endpoint_attribute: Optional[str] = None,
rsso_endpoint_block_attribute: Optional[str] = None,
rsso_ep_one_ip_only: Optional[str] = None,
rsso_flush_ip_session: Optional[str] = None,
rsso_log_flags: Optional[Sequence[str]] = None,
rsso_log_period: Optional[float] = None,
rsso_radius_response: Optional[str] = None,
rsso_radius_server_port: Optional[float] = None,
rsso_secrets: Optional[Sequence[str]] = None,
rsso_validate_request_secret: Optional[str] = None,
scopetype: Optional[str] = None,
secondary_secrets: Optional[Sequence[str]] = None,
secondary_server: Optional[str] = None,
secrets: Optional[Sequence[str]] = None,
server: Optional[str] = None,
server_identity_check: Optional[str] = None,
source_ip: Optional[str] = None,
source_ip_interfaces: Optional[Sequence[str]] = None,
sso_attribute: Optional[str] = None,
sso_attribute_key: Optional[str] = None,
sso_attribute_value_override: Optional[str] = None,
status_ttl: Optional[float] = None,
switch_controller_acct_fast_framedip_detect: Optional[float] = None,
switch_controller_nas_ip_dynamic: Optional[str] = None,
switch_controller_service_types: Optional[Sequence[str]] = None,
tertiary_secrets: Optional[Sequence[str]] = None,
tertiary_server: Optional[str] = None,
timeout: Optional[float] = None,
tls_min_proto_version: Optional[str] = None,
transport_protocol: Optional[str] = None,
use_management_vdom: Optional[str] = None,
username_case_sensitive: Optional[str] = None) -> ObjectUserRadiusfunc GetObjectUserRadius(ctx *Context, name string, id IDInput, state *ObjectUserRadiusState, opts ...ResourceOption) (*ObjectUserRadius, error)public static ObjectUserRadius Get(string name, Input<string> id, ObjectUserRadiusState? state, CustomResourceOptions? opts = null)public static ObjectUserRadius get(String name, Output<String> id, ObjectUserRadiusState state, CustomResourceOptions options)resources: _: type: fortimanager:ObjectUserRadius get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Account
Key stringCert Field - Define subject identity field in certificate for user access right checking. Valid values:
othername,rfc822name,dnsname. - Account
Key stringProcessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same,strip. - Accounting
Servers List<ObjectUser Radius Accounting Server> - Accounting-Server. The structure of
accounting_serverblock is documented below. - Acct
All stringServers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
disable,enable. - Acct
Interim doubleInterval - Time in seconds between each accounting interim update message.
- Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - All
Usergroup string - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable,enable. - Auth
Type string - Authentication methods/protocols permitted for this RADIUS server. Valid values:
pap,chap,ms_chap,ms_chap_v2,auto. - Ca
Cert string - CA of server to trust under TLS.
- Call
Station stringId Type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy,IP,MAC. - Classes List<string>
- Class attribute name(s).
- Client
Cert string - Client certificate to use under TLS.
- Delimiter string
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values:
plus,comma. - Dynamic
Mappings List<ObjectUser Radius Dynamic Mapping> - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Group
Override stringAttr Type - RADIUS attribute type to override user group information. Valid values:
filter-Id,class. - H3c
Compatibility string - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
disable,enable. - Interface string
- Specify outgoing interface to reach server.
- Interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - Mac
Case string - MAC authentication case (default = lowercase). Valid values:
uppercase,lowercase. - Mac
Password stringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - Mac
Username stringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - Name string
- RADIUS server entry name.
- Nas
Id string - Custom NAS identifier.
- Nas
Id stringType - NAS identifier type configuration (default = legacy). Valid values:
legacy,custom,hostname. - Nas
Ip string - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- Object
User stringRadius Id - an identifier for the resource with format {{name}}.
- Password
Encoding string - Password encoding. Valid values:
ISO-8859-1,auto. - Password
Renewal string - Enable/disable password renewal. Valid values:
disable,enable. - Radius
Coa string - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
disable,enable. - Radius
Port double - RADIUS service port number.
- Rsso string
- Enable/disable RADIUS based single sign on feature. Valid values:
disable,enable. - Rsso
Context doubleTimeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- Rsso
Endpoint stringAttribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - Rsso
Endpoint stringBlock Attribute - RADIUS attributes used to block a user. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - Rsso
Ep stringOne Ip Only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
disable,enable. - Rsso
Flush stringIp Session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
disable,enable. - Rsso
Log List<string>Flags - Events to log. Valid values:
none,protocol-error,profile-missing,context-missing,accounting-stop-missed,accounting-event,radiusd-other,endpoint-block. - Rsso
Log doublePeriod - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- Rsso
Radius stringResponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
disable,enable. - Rsso
Radius doubleServer Port - UDP port to listen on for RADIUS Start and Stop records.
- Rsso
Secrets List<string> - RADIUS secret used by the RADIUS accounting server.
- Rsso
Validate stringRequest Secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
disable,enable. - Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Secondary
Secrets List<string> - Secret key to access the secondary server.
- Secondary
Server string - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- Secrets List<string>
- Pre-shared secret key used to access the primary RADIUS server.
- Server string
- Primary RADIUS server CN domain name or IP address.
- Server
Identity stringCheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
disable,enable. - Source
Ip string - Source IP address for communications to the RADIUS server.
- Source
Ip List<string>Interfaces - Source interface for communication with the RADIUS server.
- Sso
Attribute string - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - Sso
Attribute stringKey - Key prefix for SSO group value in the SSO attribute.
- Sso
Attribute stringValue Override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
disable,enable. - Status
Ttl double - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- Switch
Controller doubleAcct Fast Framedip Detect - Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- Switch
Controller stringNas Ip Dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
disable,enable. - Switch
Controller List<string>Service Types - RADIUS service type. Valid values:
login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative. - Tertiary
Secrets List<string> - Secret key to access the tertiary server.
- Tertiary
Server string - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- Timeout double
- Time in seconds between re-sending authentication requests.
- Tls
Min stringProto Version - Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values:
default,TLSv1,TLSv1-1,TLSv1-2,SSLv3. - Transport
Protocol string - Transport protocol to be used (default = udp). Valid values:
udp,tcp,tls. - Use
Management stringVdom - Enable/disable using management VDOM to send requests. Valid values:
disable,enable. - Username
Case stringSensitive - Enable/disable case sensitive user names. Valid values:
disable,enable.
- Account
Key stringCert Field - Define subject identity field in certificate for user access right checking. Valid values:
othername,rfc822name,dnsname. - Account
Key stringProcessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same,strip. - Accounting
Servers []ObjectUser Radius Accounting Server Type Args - Accounting-Server. The structure of
accounting_serverblock is documented below. - Acct
All stringServers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
disable,enable. - Acct
Interim float64Interval - Time in seconds between each accounting interim update message.
- Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - All
Usergroup string - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable,enable. - Auth
Type string - Authentication methods/protocols permitted for this RADIUS server. Valid values:
pap,chap,ms_chap,ms_chap_v2,auto. - Ca
Cert string - CA of server to trust under TLS.
- Call
Station stringId Type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy,IP,MAC. - Classes []string
- Class attribute name(s).
- Client
Cert string - Client certificate to use under TLS.
- Delimiter string
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values:
plus,comma. - Dynamic
Mappings []ObjectUser Radius Dynamic Mapping Type Args - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Group
Override stringAttr Type - RADIUS attribute type to override user group information. Valid values:
filter-Id,class. - H3c
Compatibility string - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
disable,enable. - Interface string
- Specify outgoing interface to reach server.
- Interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - Mac
Case string - MAC authentication case (default = lowercase). Valid values:
uppercase,lowercase. - Mac
Password stringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - Mac
Username stringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - Name string
- RADIUS server entry name.
- Nas
Id string - Custom NAS identifier.
- Nas
Id stringType - NAS identifier type configuration (default = legacy). Valid values:
legacy,custom,hostname. - Nas
Ip string - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- Object
User stringRadius Id - an identifier for the resource with format {{name}}.
- Password
Encoding string - Password encoding. Valid values:
ISO-8859-1,auto. - Password
Renewal string - Enable/disable password renewal. Valid values:
disable,enable. - Radius
Coa string - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
disable,enable. - Radius
Port float64 - RADIUS service port number.
- Rsso string
- Enable/disable RADIUS based single sign on feature. Valid values:
disable,enable. - Rsso
Context float64Timeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- Rsso
Endpoint stringAttribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - Rsso
Endpoint stringBlock Attribute - RADIUS attributes used to block a user. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - Rsso
Ep stringOne Ip Only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
disable,enable. - Rsso
Flush stringIp Session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
disable,enable. - Rsso
Log []stringFlags - Events to log. Valid values:
none,protocol-error,profile-missing,context-missing,accounting-stop-missed,accounting-event,radiusd-other,endpoint-block. - Rsso
Log float64Period - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- Rsso
Radius stringResponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
disable,enable. - Rsso
Radius float64Server Port - UDP port to listen on for RADIUS Start and Stop records.
- Rsso
Secrets []string - RADIUS secret used by the RADIUS accounting server.
- Rsso
Validate stringRequest Secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
disable,enable. - Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Secondary
Secrets []string - Secret key to access the secondary server.
- Secondary
Server string - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- Secrets []string
- Pre-shared secret key used to access the primary RADIUS server.
- Server string
- Primary RADIUS server CN domain name or IP address.
- Server
Identity stringCheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
disable,enable. - Source
Ip string - Source IP address for communications to the RADIUS server.
- Source
Ip []stringInterfaces - Source interface for communication with the RADIUS server.
- Sso
Attribute string - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - Sso
Attribute stringKey - Key prefix for SSO group value in the SSO attribute.
- Sso
Attribute stringValue Override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
disable,enable. - Status
Ttl float64 - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- Switch
Controller float64Acct Fast Framedip Detect - Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- Switch
Controller stringNas Ip Dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
disable,enable. - Switch
Controller []stringService Types - RADIUS service type. Valid values:
login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative. - Tertiary
Secrets []string - Secret key to access the tertiary server.
- Tertiary
Server string - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- Timeout float64
- Time in seconds between re-sending authentication requests.
- Tls
Min stringProto Version - Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values:
default,TLSv1,TLSv1-1,TLSv1-2,SSLv3. - Transport
Protocol string - Transport protocol to be used (default = udp). Valid values:
udp,tcp,tls. - Use
Management stringVdom - Enable/disable using management VDOM to send requests. Valid values:
disable,enable. - Username
Case stringSensitive - Enable/disable case sensitive user names. Valid values:
disable,enable.
- account
Key StringCert Field - Define subject identity field in certificate for user access right checking. Valid values:
othername,rfc822name,dnsname. - account
Key StringProcessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same,strip. - accounting
Servers List<ObjectUser Radius Accounting Server> - Accounting-Server. The structure of
accounting_serverblock is documented below. - acct
All StringServers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
disable,enable. - acct
Interim DoubleInterval - Time in seconds between each accounting interim update message.
- adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - all
Usergroup String - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable,enable. - auth
Type String - Authentication methods/protocols permitted for this RADIUS server. Valid values:
pap,chap,ms_chap,ms_chap_v2,auto. - ca
Cert String - CA of server to trust under TLS.
- call
Station StringId Type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy,IP,MAC. - classes List<String>
- Class attribute name(s).
- client
Cert String - Client certificate to use under TLS.
- delimiter String
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values:
plus,comma. - dynamic
Mappings List<ObjectUser Radius Dynamic Mapping> - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- group
Override StringAttr Type - RADIUS attribute type to override user group information. Valid values:
filter-Id,class. - h3c
Compatibility String - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
disable,enable. - interface
Select StringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - interface_ String
- Specify outgoing interface to reach server.
- mac
Case String - MAC authentication case (default = lowercase). Valid values:
uppercase,lowercase. - mac
Password StringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - mac
Username StringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - name String
- RADIUS server entry name.
- nas
Id String - Custom NAS identifier.
- nas
Id StringType - NAS identifier type configuration (default = legacy). Valid values:
legacy,custom,hostname. - nas
Ip String - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- object
User StringRadius Id - an identifier for the resource with format {{name}}.
- password
Encoding String - Password encoding. Valid values:
ISO-8859-1,auto. - password
Renewal String - Enable/disable password renewal. Valid values:
disable,enable. - radius
Coa String - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
disable,enable. - radius
Port Double - RADIUS service port number.
- rsso String
- Enable/disable RADIUS based single sign on feature. Valid values:
disable,enable. - rsso
Context DoubleTimeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rsso
Endpoint StringAttribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - rsso
Endpoint StringBlock Attribute - RADIUS attributes used to block a user. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - rsso
Ep StringOne Ip Only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
disable,enable. - rsso
Flush StringIp Session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
disable,enable. - rsso
Log List<String>Flags - Events to log. Valid values:
none,protocol-error,profile-missing,context-missing,accounting-stop-missed,accounting-event,radiusd-other,endpoint-block. - rsso
Log DoublePeriod - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rsso
Radius StringResponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
disable,enable. - rsso
Radius DoubleServer Port - UDP port to listen on for RADIUS Start and Stop records.
- rsso
Secrets List<String> - RADIUS secret used by the RADIUS accounting server.
- rsso
Validate StringRequest Secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
disable,enable. - scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - secondary
Secrets List<String> - Secret key to access the secondary server.
- secondary
Server String - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secrets List<String>
- Pre-shared secret key used to access the primary RADIUS server.
- server String
- Primary RADIUS server CN domain name or IP address.
- server
Identity StringCheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
disable,enable. - source
Ip String - Source IP address for communications to the RADIUS server.
- source
Ip List<String>Interfaces - Source interface for communication with the RADIUS server.
- sso
Attribute String - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - sso
Attribute StringKey - Key prefix for SSO group value in the SSO attribute.
- sso
Attribute StringValue Override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
disable,enable. - status
Ttl Double - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switch
Controller DoubleAcct Fast Framedip Detect - Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- switch
Controller StringNas Ip Dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
disable,enable. - switch
Controller List<String>Service Types - RADIUS service type. Valid values:
login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative. - tertiary
Secrets List<String> - Secret key to access the tertiary server.
- tertiary
Server String - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout Double
- Time in seconds between re-sending authentication requests.
- tls
Min StringProto Version - Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values:
default,TLSv1,TLSv1-1,TLSv1-2,SSLv3. - transport
Protocol String - Transport protocol to be used (default = udp). Valid values:
udp,tcp,tls. - use
Management StringVdom - Enable/disable using management VDOM to send requests. Valid values:
disable,enable. - username
Case StringSensitive - Enable/disable case sensitive user names. Valid values:
disable,enable.
- account
Key stringCert Field - Define subject identity field in certificate for user access right checking. Valid values:
othername,rfc822name,dnsname. - account
Key stringProcessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same,strip. - accounting
Servers ObjectUser Radius Accounting Server[] - Accounting-Server. The structure of
accounting_serverblock is documented below. - acct
All stringServers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
disable,enable. - acct
Interim numberInterval - Time in seconds between each accounting interim update message.
- adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - all
Usergroup string - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable,enable. - auth
Type string - Authentication methods/protocols permitted for this RADIUS server. Valid values:
pap,chap,ms_chap,ms_chap_v2,auto. - ca
Cert string - CA of server to trust under TLS.
- call
Station stringId Type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy,IP,MAC. - classes string[]
- Class attribute name(s).
- client
Cert string - Client certificate to use under TLS.
- delimiter string
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values:
plus,comma. - dynamic
Mappings ObjectUser Radius Dynamic Mapping[] - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- group
Override stringAttr Type - RADIUS attribute type to override user group information. Valid values:
filter-Id,class. - h3c
Compatibility string - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
disable,enable. - interface string
- Specify outgoing interface to reach server.
- interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - mac
Case string - MAC authentication case (default = lowercase). Valid values:
uppercase,lowercase. - mac
Password stringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - mac
Username stringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - name string
- RADIUS server entry name.
- nas
Id string - Custom NAS identifier.
- nas
Id stringType - NAS identifier type configuration (default = legacy). Valid values:
legacy,custom,hostname. - nas
Ip string - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- object
User stringRadius Id - an identifier for the resource with format {{name}}.
- password
Encoding string - Password encoding. Valid values:
ISO-8859-1,auto. - password
Renewal string - Enable/disable password renewal. Valid values:
disable,enable. - radius
Coa string - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
disable,enable. - radius
Port number - RADIUS service port number.
- rsso string
- Enable/disable RADIUS based single sign on feature. Valid values:
disable,enable. - rsso
Context numberTimeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rsso
Endpoint stringAttribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - rsso
Endpoint stringBlock Attribute - RADIUS attributes used to block a user. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - rsso
Ep stringOne Ip Only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
disable,enable. - rsso
Flush stringIp Session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
disable,enable. - rsso
Log string[]Flags - Events to log. Valid values:
none,protocol-error,profile-missing,context-missing,accounting-stop-missed,accounting-event,radiusd-other,endpoint-block. - rsso
Log numberPeriod - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rsso
Radius stringResponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
disable,enable. - rsso
Radius numberServer Port - UDP port to listen on for RADIUS Start and Stop records.
- rsso
Secrets string[] - RADIUS secret used by the RADIUS accounting server.
- rsso
Validate stringRequest Secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
disable,enable. - scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - secondary
Secrets string[] - Secret key to access the secondary server.
- secondary
Server string - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secrets string[]
- Pre-shared secret key used to access the primary RADIUS server.
- server string
- Primary RADIUS server CN domain name or IP address.
- server
Identity stringCheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
disable,enable. - source
Ip string - Source IP address for communications to the RADIUS server.
- source
Ip string[]Interfaces - Source interface for communication with the RADIUS server.
- sso
Attribute string - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - sso
Attribute stringKey - Key prefix for SSO group value in the SSO attribute.
- sso
Attribute stringValue Override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
disable,enable. - status
Ttl number - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switch
Controller numberAcct Fast Framedip Detect - Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- switch
Controller stringNas Ip Dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
disable,enable. - switch
Controller string[]Service Types - RADIUS service type. Valid values:
login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative. - tertiary
Secrets string[] - Secret key to access the tertiary server.
- tertiary
Server string - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout number
- Time in seconds between re-sending authentication requests.
- tls
Min stringProto Version - Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values:
default,TLSv1,TLSv1-1,TLSv1-2,SSLv3. - transport
Protocol string - Transport protocol to be used (default = udp). Valid values:
udp,tcp,tls. - use
Management stringVdom - Enable/disable using management VDOM to send requests. Valid values:
disable,enable. - username
Case stringSensitive - Enable/disable case sensitive user names. Valid values:
disable,enable.
- account_
key_ strcert_ field - Define subject identity field in certificate for user access right checking. Valid values:
othername,rfc822name,dnsname. - account_
key_ strprocessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same,strip. - accounting_
servers Sequence[ObjectUser Radius Accounting Server Args] - Accounting-Server. The structure of
accounting_serverblock is documented below. - acct_
all_ strservers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
disable,enable. - acct_
interim_ floatinterval - Time in seconds between each accounting interim update message.
- adom str
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - all_
usergroup str - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable,enable. - auth_
type str - Authentication methods/protocols permitted for this RADIUS server. Valid values:
pap,chap,ms_chap,ms_chap_v2,auto. - ca_
cert str - CA of server to trust under TLS.
- call_
station_ strid_ type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy,IP,MAC. - classes Sequence[str]
- Class attribute name(s).
- client_
cert str - Client certificate to use under TLS.
- delimiter str
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values:
plus,comma. - dynamic_
mappings Sequence[ObjectUser Radius Dynamic Mapping Args] - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - dynamic_
sort_ strsubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- group_
override_ strattr_ type - RADIUS attribute type to override user group information. Valid values:
filter-Id,class. - h3c_
compatibility str - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
disable,enable. - interface str
- Specify outgoing interface to reach server.
- interface_
select_ strmethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - mac_
case str - MAC authentication case (default = lowercase). Valid values:
uppercase,lowercase. - mac_
password_ strdelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - mac_
username_ strdelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - name str
- RADIUS server entry name.
- nas_
id str - Custom NAS identifier.
- nas_
id_ strtype - NAS identifier type configuration (default = legacy). Valid values:
legacy,custom,hostname. - nas_
ip str - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- object_
user_ strradius_ id - an identifier for the resource with format {{name}}.
- password_
encoding str - Password encoding. Valid values:
ISO-8859-1,auto. - password_
renewal str - Enable/disable password renewal. Valid values:
disable,enable. - radius_
coa str - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
disable,enable. - radius_
port float - RADIUS service port number.
- rsso str
- Enable/disable RADIUS based single sign on feature. Valid values:
disable,enable. - rsso_
context_ floattimeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rsso_
endpoint_ strattribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - rsso_
endpoint_ strblock_ attribute - RADIUS attributes used to block a user. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - rsso_
ep_ strone_ ip_ only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
disable,enable. - rsso_
flush_ strip_ session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
disable,enable. - rsso_
log_ Sequence[str]flags - Events to log. Valid values:
none,protocol-error,profile-missing,context-missing,accounting-stop-missed,accounting-event,radiusd-other,endpoint-block. - rsso_
log_ floatperiod - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rsso_
radius_ strresponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
disable,enable. - rsso_
radius_ floatserver_ port - UDP port to listen on for RADIUS Start and Stop records.
- rsso_
secrets Sequence[str] - RADIUS secret used by the RADIUS accounting server.
- rsso_
validate_ strrequest_ secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
disable,enable. - scopetype str
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - secondary_
secrets Sequence[str] - Secret key to access the secondary server.
- secondary_
server str - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secrets Sequence[str]
- Pre-shared secret key used to access the primary RADIUS server.
- server str
- Primary RADIUS server CN domain name or IP address.
- server_
identity_ strcheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
disable,enable. - source_
ip str - Source IP address for communications to the RADIUS server.
- source_
ip_ Sequence[str]interfaces - Source interface for communication with the RADIUS server.
- sso_
attribute str - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - sso_
attribute_ strkey - Key prefix for SSO group value in the SSO attribute.
- sso_
attribute_ strvalue_ override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
disable,enable. - status_
ttl float - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switch_
controller_ floatacct_ fast_ framedip_ detect - Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- switch_
controller_ strnas_ ip_ dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
disable,enable. - switch_
controller_ Sequence[str]service_ types - RADIUS service type. Valid values:
login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative. - tertiary_
secrets Sequence[str] - Secret key to access the tertiary server.
- tertiary_
server str - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout float
- Time in seconds between re-sending authentication requests.
- tls_
min_ strproto_ version - Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values:
default,TLSv1,TLSv1-1,TLSv1-2,SSLv3. - transport_
protocol str - Transport protocol to be used (default = udp). Valid values:
udp,tcp,tls. - use_
management_ strvdom - Enable/disable using management VDOM to send requests. Valid values:
disable,enable. - username_
case_ strsensitive - Enable/disable case sensitive user names. Valid values:
disable,enable.
- account
Key StringCert Field - Define subject identity field in certificate for user access right checking. Valid values:
othername,rfc822name,dnsname. - account
Key StringProcessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same,strip. - accounting
Servers List<Property Map> - Accounting-Server. The structure of
accounting_serverblock is documented below. - acct
All StringServers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
disable,enable. - acct
Interim NumberInterval - Time in seconds between each accounting interim update message.
- adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - all
Usergroup String - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable,enable. - auth
Type String - Authentication methods/protocols permitted for this RADIUS server. Valid values:
pap,chap,ms_chap,ms_chap_v2,auto. - ca
Cert String - CA of server to trust under TLS.
- call
Station StringId Type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy,IP,MAC. - classes List<String>
- Class attribute name(s).
- client
Cert String - Client certificate to use under TLS.
- delimiter String
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values:
plus,comma. - dynamic
Mappings List<Property Map> - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- group
Override StringAttr Type - RADIUS attribute type to override user group information. Valid values:
filter-Id,class. - h3c
Compatibility String - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
disable,enable. - interface String
- Specify outgoing interface to reach server.
- interface
Select StringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - mac
Case String - MAC authentication case (default = lowercase). Valid values:
uppercase,lowercase. - mac
Password StringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - mac
Username StringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - name String
- RADIUS server entry name.
- nas
Id String - Custom NAS identifier.
- nas
Id StringType - NAS identifier type configuration (default = legacy). Valid values:
legacy,custom,hostname. - nas
Ip String - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- object
User StringRadius Id - an identifier for the resource with format {{name}}.
- password
Encoding String - Password encoding. Valid values:
ISO-8859-1,auto. - password
Renewal String - Enable/disable password renewal. Valid values:
disable,enable. - radius
Coa String - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
disable,enable. - radius
Port Number - RADIUS service port number.
- rsso String
- Enable/disable RADIUS based single sign on feature. Valid values:
disable,enable. - rsso
Context NumberTimeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rsso
Endpoint StringAttribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - rsso
Endpoint StringBlock Attribute - RADIUS attributes used to block a user. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - rsso
Ep StringOne Ip Only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
disable,enable. - rsso
Flush StringIp Session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
disable,enable. - rsso
Log List<String>Flags - Events to log. Valid values:
none,protocol-error,profile-missing,context-missing,accounting-stop-missed,accounting-event,radiusd-other,endpoint-block. - rsso
Log NumberPeriod - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rsso
Radius StringResponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
disable,enable. - rsso
Radius NumberServer Port - UDP port to listen on for RADIUS Start and Stop records.
- rsso
Secrets List<String> - RADIUS secret used by the RADIUS accounting server.
- rsso
Validate StringRequest Secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
disable,enable. - scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - secondary
Secrets List<String> - Secret key to access the secondary server.
- secondary
Server String - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secrets List<String>
- Pre-shared secret key used to access the primary RADIUS server.
- server String
- Primary RADIUS server CN domain name or IP address.
- server
Identity StringCheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
disable,enable. - source
Ip String - Source IP address for communications to the RADIUS server.
- source
Ip List<String>Interfaces - Source interface for communication with the RADIUS server.
- sso
Attribute String - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - sso
Attribute StringKey - Key prefix for SSO group value in the SSO attribute.
- sso
Attribute StringValue Override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
disable,enable. - status
Ttl Number - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switch
Controller NumberAcct Fast Framedip Detect - Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- switch
Controller StringNas Ip Dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
disable,enable. - switch
Controller List<String>Service Types - RADIUS service type. Valid values:
login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative. - tertiary
Secrets List<String> - Secret key to access the tertiary server.
- tertiary
Server String - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout Number
- Time in seconds between re-sending authentication requests.
- tls
Min StringProto Version - Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values:
default,TLSv1,TLSv1-1,TLSv1-2,SSLv3. - transport
Protocol String - Transport protocol to be used (default = udp). Valid values:
udp,tcp,tls. - use
Management StringVdom - Enable/disable using management VDOM to send requests. Valid values:
disable,enable. - username
Case StringSensitive - Enable/disable case sensitive user names. Valid values:
disable,enable.
Supporting Types
ObjectUserRadiusAccountingServer, ObjectUserRadiusAccountingServerArgs
- Id double
- ID (0 - 4294967295).
- Interface string
- Specify outgoing interface to reach server.
- Interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - Port double
- RADIUS accounting port number.
- Secrets List<string>
- Secret key.
- Server string
- {<name_str|ip_str>} Server CN domain name or IP.
- Source
Ip string - Source IP address for communications to the RADIUS server.
- Status string
- Status. Valid values:
disable,enable.
- Id float64
- ID (0 - 4294967295).
- Interface string
- Specify outgoing interface to reach server.
- Interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - Port float64
- RADIUS accounting port number.
- Secrets []string
- Secret key.
- Server string
- {<name_str|ip_str>} Server CN domain name or IP.
- Source
Ip string - Source IP address for communications to the RADIUS server.
- Status string
- Status. Valid values:
disable,enable.
- id Double
- ID (0 - 4294967295).
- interface
Select StringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - interface_ String
- Specify outgoing interface to reach server.
- port Double
- RADIUS accounting port number.
- secrets List<String>
- Secret key.
- server String
- {<name_str|ip_str>} Server CN domain name or IP.
- source
Ip String - Source IP address for communications to the RADIUS server.
- status String
- Status. Valid values:
disable,enable.
- id number
- ID (0 - 4294967295).
- interface string
- Specify outgoing interface to reach server.
- interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - port number
- RADIUS accounting port number.
- secrets string[]
- Secret key.
- server string
- {<name_str|ip_str>} Server CN domain name or IP.
- source
Ip string - Source IP address for communications to the RADIUS server.
- status string
- Status. Valid values:
disable,enable.
- id float
- ID (0 - 4294967295).
- interface str
- Specify outgoing interface to reach server.
- interface_
select_ strmethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - port float
- RADIUS accounting port number.
- secrets Sequence[str]
- Secret key.
- server str
- {<name_str|ip_str>} Server CN domain name or IP.
- source_
ip str - Source IP address for communications to the RADIUS server.
- status str
- Status. Valid values:
disable,enable.
- id Number
- ID (0 - 4294967295).
- interface String
- Specify outgoing interface to reach server.
- interface
Select StringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - port Number
- RADIUS accounting port number.
- secrets List<String>
- Secret key.
- server String
- {<name_str|ip_str>} Server CN domain name or IP.
- source
Ip String - Source IP address for communications to the RADIUS server.
- status String
- Status. Valid values:
disable,enable.
ObjectUserRadiusDynamicMapping, ObjectUserRadiusDynamicMappingArgs
- Account
Key stringCert Field - Define subject identity field in certificate for user access right checking. Valid values:
othername,rfc822name,dnsname. - Account
Key stringProcessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same,strip. - Accounting
Servers List<ObjectUser Radius Dynamic Mapping Accounting Server> - Accounting-Server. The structure of
accounting_serverblock is documented below. - Acct
All stringServers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
disable,enable. - Acct
Interim doubleInterval - Time in seconds between each accounting interim update message.
- All
Usergroup string - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable,enable. - Auth
Type string - Authentication methods/protocols permitted for this RADIUS server. Valid values:
pap,chap,ms_chap,ms_chap_v2,auto. - Ca
Cert string - CA of server to trust under TLS.
- Call
Station stringId Type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy,IP,MAC. - Classes List<string>
- Class attribute name(s).
- Client
Cert string - Client certificate to use under TLS.
- Delimiter string
- Delimiter. Valid values:
plus,comma. - Dp
Carrier stringEndpoint Attribute - Dp-Carrier-Endpoint-Attribute. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Vendor-Specific,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - Dp
Carrier stringEndpoint Block Attribute - Dp-Carrier-Endpoint-Block-Attribute. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Vendor-Specific,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - Dp
Context doubleTimeout - Dp-Context-Timeout.
- Dp
Flush stringIp Session - Dp-Flush-Ip-Session. Valid values:
disable,enable. - Dp
Hold doubleTime - Dp-Hold-Time.
- Dp
Http stringHeader - Dp-Http-Header.
- Dp
Http stringHeader Fallback - Dp-Http-Header-Fallback. Valid values:
ip-header-address,default-profile. - Dp
Http stringHeader Status - Dp-Http-Header-Status. Valid values:
disable,enable. - Dp
Http stringHeader Suppress - Dp-Http-Header-Suppress. Valid values:
disable,enable. - Dp
Log List<string>Dyn Flags - Dp-Log-Dyn_Flags. Valid values:
none,protocol-error,profile-missing,context-missing,accounting-stop-missed,accounting-event,radiusd-other,endpoint-block. - Dp
Log doublePeriod - Dp-Log-Period.
- Dp
Mem doublePercent - Dp-Mem-Percent.
- Dp
Profile stringAttribute - Dp-Profile-Attribute. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Vendor-Specific,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - Dp
Profile stringAttribute Key - Dp-Profile-Attribute-Key.
- Dp
Radius stringResponse - Dp-Radius-Response. Valid values:
disable,enable. - Dp
Radius doubleServer Port - Dp-Radius-Server-Port.
- Dp
Secrets List<string> - Dp-Secret.
- Dp
Validate stringRequest Secret - Dp-Validate-Request-Secret. Valid values:
disable,enable. - Dynamic
Profile string - Dynamic-Profile. Valid values:
disable,enable. - Endpoint
Translation string - Endpoint-Translation. Valid values:
disable,enable. - Ep
Carrier stringEndpoint Convert Hex - Ep-Carrier-Endpoint-Convert-Hex. Valid values:
disable,enable. - Ep
Carrier stringEndpoint Header - Ep-Carrier-Endpoint-Header.
- Ep
Carrier stringEndpoint Header Suppress - Ep-Carrier-Endpoint-Header-Suppress. Valid values:
disable,enable. - Ep
Carrier stringEndpoint Prefix - Ep-Carrier-Endpoint-Prefix. Valid values:
disable,enable. - Ep
Carrier doubleEndpoint Prefix Range Max - Ep-Carrier-Endpoint-Prefix-Range-Max.
- Ep
Carrier doubleEndpoint Prefix Range Min - Ep-Carrier-Endpoint-Prefix-Range-Min.
- Ep
Carrier stringEndpoint Prefix String - Ep-Carrier-Endpoint-Prefix-String.
- Ep
Carrier stringEndpoint Source - Ep-Carrier-Endpoint-Source. Valid values:
http-header,cookie. - Ep
Ip stringHeader - Ep-Ip-Header.
- Ep
Ip stringHeader Suppress - Ep-Ip-Header-Suppress. Valid values:
disable,enable. - Ep
Missing stringHeader Fallback - Ep-Missing-Header-Fallback. Valid values:
session-ip,policy-profile. - Ep
Profile stringQuery Type - Ep-Profile-Query-Type. Valid values:
session-ip,extract-ip,extract-carrier-endpoint. - Group
Override stringAttr Type - Group-Override-Attr-Type. Valid values:
filter-Id,class. - H3c
Compatibility string - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
disable,enable. - Interface string
- Specify outgoing interface to reach server.
- Interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - Mac
Case string - MAC authentication case (default = lowercase). Valid values:
uppercase,lowercase. - Mac
Password stringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - Mac
Username stringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - Nas
Id string - Custom NAS identifier.
- Nas
Id stringType - NAS identifier type configuration (default = legacy). Valid values:
legacy,custom,hostname. - Nas
Ip string - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- Password
Encoding string - Password encoding. Valid values:
ISO-8859-1,auto. - Password
Renewal string - Enable/disable password renewal. Valid values:
disable,enable. - Radius
Coa string - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
disable,enable. - Radius
Port double - RADIUS service port number.
- Rsso string
- Enable/disable RADIUS based single sign on feature. Valid values:
disable,enable. - Rsso
Context doubleTimeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- Rsso
Endpoint stringAttribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - Rsso
Endpoint stringBlock Attribute - RADIUS attributes used to block a user. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - Rsso
Ep stringOne Ip Only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
disable,enable. - Rsso
Flush stringIp Session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
disable,enable. - Rsso
Log List<string>Flags - Events to log. Valid values:
none,protocol-error,profile-missing,context-missing,accounting-stop-missed,accounting-event,radiusd-other,endpoint-block. - Rsso
Log doublePeriod - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- Rsso
Radius stringResponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
disable,enable. - Rsso
Radius doubleServer Port - UDP port to listen on for RADIUS Start and Stop records.
- Rsso
Secrets List<string> - RADIUS secret used by the RADIUS accounting server.
- Rsso
Validate stringRequest Secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
disable,enable. - Secondary
Secrets List<string> - Secret key to access the secondary server.
- Secondary
Server string - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- Secrets List<string>
- Pre-shared secret key used to access the primary RADIUS server.
- Server string
- Primary RADIUS server CN domain name or IP address.
- Server
Identity stringCheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
disable,enable. - Source
Ip string - Source IP address for communications to the RADIUS server.
- Source
Ip List<string>Interfaces - Source interface for communication with the RADIUS server.
- Sso
Attribute string - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - Sso
Attribute stringKey - Key prefix for SSO group value in the SSO attribute.
- Sso
Attribute stringValue Override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
disable,enable. - Status
Ttl double - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- Switch
Controller doubleAcct Fast Framedip Detect - Switch-Controller-Acct-Fast-Framedip-Detect.
- Switch
Controller stringNas Ip Dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
disable,enable. - Switch
Controller List<string>Service Types - Switch-Controller-Service-Type. Valid values:
login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative. - Tertiary
Secrets List<string> - Secret key to access the tertiary server.
- Tertiary
Server string - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- Timeout double
- Time in seconds between re-sending authentication requests.
- Tls
Min stringProto Version - Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values:
default,TLSv1,TLSv1-1,TLSv1-2,SSLv3. - Transport
Protocol string - Transport protocol to be used (default = udp). Valid values:
udp,tcp,tls. - Use
Group stringFor Profile - Use-Group-For-Profile. Valid values:
disable,enable. - Use
Management stringVdom - Enable/disable using management VDOM to send requests. Valid values:
disable,enable. - Username
Case stringSensitive - Enable/disable case sensitive user names. Valid values:
disable,enable. - _
scopes List<ObjectUser Radius Dynamic Mapping_Scope> - _Scope. The structure of
_scopeblock is documented below.
- Account
Key stringCert Field - Define subject identity field in certificate for user access right checking. Valid values:
othername,rfc822name,dnsname. - Account
Key stringProcessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same,strip. - Accounting
Servers []ObjectUser Radius Dynamic Mapping Accounting Server Type - Accounting-Server. The structure of
accounting_serverblock is documented below. - Acct
All stringServers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
disable,enable. - Acct
Interim float64Interval - Time in seconds between each accounting interim update message.
- All
Usergroup string - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable,enable. - Auth
Type string - Authentication methods/protocols permitted for this RADIUS server. Valid values:
pap,chap,ms_chap,ms_chap_v2,auto. - Ca
Cert string - CA of server to trust under TLS.
- Call
Station stringId Type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy,IP,MAC. - Classes []string
- Class attribute name(s).
- Client
Cert string - Client certificate to use under TLS.
- Delimiter string
- Delimiter. Valid values:
plus,comma. - Dp
Carrier stringEndpoint Attribute - Dp-Carrier-Endpoint-Attribute. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Vendor-Specific,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - Dp
Carrier stringEndpoint Block Attribute - Dp-Carrier-Endpoint-Block-Attribute. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Vendor-Specific,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - Dp
Context float64Timeout - Dp-Context-Timeout.
- Dp
Flush stringIp Session - Dp-Flush-Ip-Session. Valid values:
disable,enable. - Dp
Hold float64Time - Dp-Hold-Time.
- Dp
Http stringHeader - Dp-Http-Header.
- Dp
Http stringHeader Fallback - Dp-Http-Header-Fallback. Valid values:
ip-header-address,default-profile. - Dp
Http stringHeader Status - Dp-Http-Header-Status. Valid values:
disable,enable. - Dp
Http stringHeader Suppress - Dp-Http-Header-Suppress. Valid values:
disable,enable. - Dp
Log []stringDyn Flags - Dp-Log-Dyn_Flags. Valid values:
none,protocol-error,profile-missing,context-missing,accounting-stop-missed,accounting-event,radiusd-other,endpoint-block. - Dp
Log float64Period - Dp-Log-Period.
- Dp
Mem float64Percent - Dp-Mem-Percent.
- Dp
Profile stringAttribute - Dp-Profile-Attribute. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Vendor-Specific,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - Dp
Profile stringAttribute Key - Dp-Profile-Attribute-Key.
- Dp
Radius stringResponse - Dp-Radius-Response. Valid values:
disable,enable. - Dp
Radius float64Server Port - Dp-Radius-Server-Port.
- Dp
Secrets []string - Dp-Secret.
- Dp
Validate stringRequest Secret - Dp-Validate-Request-Secret. Valid values:
disable,enable. - Dynamic
Profile string - Dynamic-Profile. Valid values:
disable,enable. - Endpoint
Translation string - Endpoint-Translation. Valid values:
disable,enable. - Ep
Carrier stringEndpoint Convert Hex - Ep-Carrier-Endpoint-Convert-Hex. Valid values:
disable,enable. - Ep
Carrier stringEndpoint Header - Ep-Carrier-Endpoint-Header.
- Ep
Carrier stringEndpoint Header Suppress - Ep-Carrier-Endpoint-Header-Suppress. Valid values:
disable,enable. - Ep
Carrier stringEndpoint Prefix - Ep-Carrier-Endpoint-Prefix. Valid values:
disable,enable. - Ep
Carrier float64Endpoint Prefix Range Max - Ep-Carrier-Endpoint-Prefix-Range-Max.
- Ep
Carrier float64Endpoint Prefix Range Min - Ep-Carrier-Endpoint-Prefix-Range-Min.
- Ep
Carrier stringEndpoint Prefix String - Ep-Carrier-Endpoint-Prefix-String.
- Ep
Carrier stringEndpoint Source - Ep-Carrier-Endpoint-Source. Valid values:
http-header,cookie. - Ep
Ip stringHeader - Ep-Ip-Header.
- Ep
Ip stringHeader Suppress - Ep-Ip-Header-Suppress. Valid values:
disable,enable. - Ep
Missing stringHeader Fallback - Ep-Missing-Header-Fallback. Valid values:
session-ip,policy-profile. - Ep
Profile stringQuery Type - Ep-Profile-Query-Type. Valid values:
session-ip,extract-ip,extract-carrier-endpoint. - Group
Override stringAttr Type - Group-Override-Attr-Type. Valid values:
filter-Id,class. - H3c
Compatibility string - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
disable,enable. - Interface string
- Specify outgoing interface to reach server.
- Interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - Mac
Case string - MAC authentication case (default = lowercase). Valid values:
uppercase,lowercase. - Mac
Password stringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - Mac
Username stringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - Nas
Id string - Custom NAS identifier.
- Nas
Id stringType - NAS identifier type configuration (default = legacy). Valid values:
legacy,custom,hostname. - Nas
Ip string - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- Password
Encoding string - Password encoding. Valid values:
ISO-8859-1,auto. - Password
Renewal string - Enable/disable password renewal. Valid values:
disable,enable. - Radius
Coa string - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
disable,enable. - Radius
Port float64 - RADIUS service port number.
- Rsso string
- Enable/disable RADIUS based single sign on feature. Valid values:
disable,enable. - Rsso
Context float64Timeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- Rsso
Endpoint stringAttribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - Rsso
Endpoint stringBlock Attribute - RADIUS attributes used to block a user. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - Rsso
Ep stringOne Ip Only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
disable,enable. - Rsso
Flush stringIp Session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
disable,enable. - Rsso
Log []stringFlags - Events to log. Valid values:
none,protocol-error,profile-missing,context-missing,accounting-stop-missed,accounting-event,radiusd-other,endpoint-block. - Rsso
Log float64Period - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- Rsso
Radius stringResponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
disable,enable. - Rsso
Radius float64Server Port - UDP port to listen on for RADIUS Start and Stop records.
- Rsso
Secrets []string - RADIUS secret used by the RADIUS accounting server.
- Rsso
Validate stringRequest Secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
disable,enable. - Secondary
Secrets []string - Secret key to access the secondary server.
- Secondary
Server string - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- Secrets []string
- Pre-shared secret key used to access the primary RADIUS server.
- Server string
- Primary RADIUS server CN domain name or IP address.
- Server
Identity stringCheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
disable,enable. - Source
Ip string - Source IP address for communications to the RADIUS server.
- Source
Ip []stringInterfaces - Source interface for communication with the RADIUS server.
- Sso
Attribute string - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - Sso
Attribute stringKey - Key prefix for SSO group value in the SSO attribute.
- Sso
Attribute stringValue Override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
disable,enable. - Status
Ttl float64 - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- Switch
Controller float64Acct Fast Framedip Detect - Switch-Controller-Acct-Fast-Framedip-Detect.
- Switch
Controller stringNas Ip Dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
disable,enable. - Switch
Controller []stringService Types - Switch-Controller-Service-Type. Valid values:
login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative. - Tertiary
Secrets []string - Secret key to access the tertiary server.
- Tertiary
Server string - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- Timeout float64
- Time in seconds between re-sending authentication requests.
- Tls
Min stringProto Version - Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values:
default,TLSv1,TLSv1-1,TLSv1-2,SSLv3. - Transport
Protocol string - Transport protocol to be used (default = udp). Valid values:
udp,tcp,tls. - Use
Group stringFor Profile - Use-Group-For-Profile. Valid values:
disable,enable. - Use
Management stringVdom - Enable/disable using management VDOM to send requests. Valid values:
disable,enable. - Username
Case stringSensitive - Enable/disable case sensitive user names. Valid values:
disable,enable. - _
scopes []ObjectUser Radius Dynamic Mapping_Scope - _Scope. The structure of
_scopeblock is documented below.
- _
scopes List<ObjectUser Radius Dynamic Mapping_Scope> - _Scope. The structure of
_scopeblock is documented below. - account
Key StringCert Field - Define subject identity field in certificate for user access right checking. Valid values:
othername,rfc822name,dnsname. - account
Key StringProcessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same,strip. - accounting
Servers List<ObjectUser Radius Dynamic Mapping Accounting Server> - Accounting-Server. The structure of
accounting_serverblock is documented below. - acct
All StringServers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
disable,enable. - acct
Interim DoubleInterval - Time in seconds between each accounting interim update message.
- all
Usergroup String - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable,enable. - auth
Type String - Authentication methods/protocols permitted for this RADIUS server. Valid values:
pap,chap,ms_chap,ms_chap_v2,auto. - ca
Cert String - CA of server to trust under TLS.
- call
Station StringId Type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy,IP,MAC. - classes List<String>
- Class attribute name(s).
- client
Cert String - Client certificate to use under TLS.
- delimiter String
- Delimiter. Valid values:
plus,comma. - dp
Carrier StringEndpoint Attribute - Dp-Carrier-Endpoint-Attribute. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Vendor-Specific,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - dp
Carrier StringEndpoint Block Attribute - Dp-Carrier-Endpoint-Block-Attribute. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Vendor-Specific,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - dp
Context DoubleTimeout - Dp-Context-Timeout.
- dp
Flush StringIp Session - Dp-Flush-Ip-Session. Valid values:
disable,enable. - dp
Hold DoubleTime - Dp-Hold-Time.
- dp
Http StringHeader - Dp-Http-Header.
- dp
Http StringHeader Fallback - Dp-Http-Header-Fallback. Valid values:
ip-header-address,default-profile. - dp
Http StringHeader Status - Dp-Http-Header-Status. Valid values:
disable,enable. - dp
Http StringHeader Suppress - Dp-Http-Header-Suppress. Valid values:
disable,enable. - dp
Log List<String>Dyn Flags - Dp-Log-Dyn_Flags. Valid values:
none,protocol-error,profile-missing,context-missing,accounting-stop-missed,accounting-event,radiusd-other,endpoint-block. - dp
Log DoublePeriod - Dp-Log-Period.
- dp
Mem DoublePercent - Dp-Mem-Percent.
- dp
Profile StringAttribute - Dp-Profile-Attribute. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Vendor-Specific,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - dp
Profile StringAttribute Key - Dp-Profile-Attribute-Key.
- dp
Radius StringResponse - Dp-Radius-Response. Valid values:
disable,enable. - dp
Radius DoubleServer Port - Dp-Radius-Server-Port.
- dp
Secrets List<String> - Dp-Secret.
- dp
Validate StringRequest Secret - Dp-Validate-Request-Secret. Valid values:
disable,enable. - dynamic
Profile String - Dynamic-Profile. Valid values:
disable,enable. - endpoint
Translation String - Endpoint-Translation. Valid values:
disable,enable. - ep
Carrier StringEndpoint Convert Hex - Ep-Carrier-Endpoint-Convert-Hex. Valid values:
disable,enable. - ep
Carrier StringEndpoint Header - Ep-Carrier-Endpoint-Header.
- ep
Carrier StringEndpoint Header Suppress - Ep-Carrier-Endpoint-Header-Suppress. Valid values:
disable,enable. - ep
Carrier StringEndpoint Prefix - Ep-Carrier-Endpoint-Prefix. Valid values:
disable,enable. - ep
Carrier DoubleEndpoint Prefix Range Max - Ep-Carrier-Endpoint-Prefix-Range-Max.
- ep
Carrier DoubleEndpoint Prefix Range Min - Ep-Carrier-Endpoint-Prefix-Range-Min.
- ep
Carrier StringEndpoint Prefix String - Ep-Carrier-Endpoint-Prefix-String.
- ep
Carrier StringEndpoint Source - Ep-Carrier-Endpoint-Source. Valid values:
http-header,cookie. - ep
Ip StringHeader - Ep-Ip-Header.
- ep
Ip StringHeader Suppress - Ep-Ip-Header-Suppress. Valid values:
disable,enable. - ep
Missing StringHeader Fallback - Ep-Missing-Header-Fallback. Valid values:
session-ip,policy-profile. - ep
Profile StringQuery Type - Ep-Profile-Query-Type. Valid values:
session-ip,extract-ip,extract-carrier-endpoint. - group
Override StringAttr Type - Group-Override-Attr-Type. Valid values:
filter-Id,class. - h3c
Compatibility String - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
disable,enable. - interface
Select StringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - interface_ String
- Specify outgoing interface to reach server.
- mac
Case String - MAC authentication case (default = lowercase). Valid values:
uppercase,lowercase. - mac
Password StringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - mac
Username StringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - nas
Id String - Custom NAS identifier.
- nas
Id StringType - NAS identifier type configuration (default = legacy). Valid values:
legacy,custom,hostname. - nas
Ip String - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- password
Encoding String - Password encoding. Valid values:
ISO-8859-1,auto. - password
Renewal String - Enable/disable password renewal. Valid values:
disable,enable. - radius
Coa String - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
disable,enable. - radius
Port Double - RADIUS service port number.
- rsso String
- Enable/disable RADIUS based single sign on feature. Valid values:
disable,enable. - rsso
Context DoubleTimeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rsso
Endpoint StringAttribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - rsso
Endpoint StringBlock Attribute - RADIUS attributes used to block a user. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - rsso
Ep StringOne Ip Only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
disable,enable. - rsso
Flush StringIp Session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
disable,enable. - rsso
Log List<String>Flags - Events to log. Valid values:
none,protocol-error,profile-missing,context-missing,accounting-stop-missed,accounting-event,radiusd-other,endpoint-block. - rsso
Log DoublePeriod - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rsso
Radius StringResponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
disable,enable. - rsso
Radius DoubleServer Port - UDP port to listen on for RADIUS Start and Stop records.
- rsso
Secrets List<String> - RADIUS secret used by the RADIUS accounting server.
- rsso
Validate StringRequest Secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
disable,enable. - secondary
Secrets List<String> - Secret key to access the secondary server.
- secondary
Server String - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secrets List<String>
- Pre-shared secret key used to access the primary RADIUS server.
- server String
- Primary RADIUS server CN domain name or IP address.
- server
Identity StringCheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
disable,enable. - source
Ip String - Source IP address for communications to the RADIUS server.
- source
Ip List<String>Interfaces - Source interface for communication with the RADIUS server.
- sso
Attribute String - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - sso
Attribute StringKey - Key prefix for SSO group value in the SSO attribute.
- sso
Attribute StringValue Override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
disable,enable. - status
Ttl Double - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switch
Controller DoubleAcct Fast Framedip Detect - Switch-Controller-Acct-Fast-Framedip-Detect.
- switch
Controller StringNas Ip Dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
disable,enable. - switch
Controller List<String>Service Types - Switch-Controller-Service-Type. Valid values:
login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative. - tertiary
Secrets List<String> - Secret key to access the tertiary server.
- tertiary
Server String - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout Double
- Time in seconds between re-sending authentication requests.
- tls
Min StringProto Version - Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values:
default,TLSv1,TLSv1-1,TLSv1-2,SSLv3. - transport
Protocol String - Transport protocol to be used (default = udp). Valid values:
udp,tcp,tls. - use
Group StringFor Profile - Use-Group-For-Profile. Valid values:
disable,enable. - use
Management StringVdom - Enable/disable using management VDOM to send requests. Valid values:
disable,enable. - username
Case StringSensitive - Enable/disable case sensitive user names. Valid values:
disable,enable.
- _
scopes ObjectUser Radius Dynamic Mapping_Scope[] - _Scope. The structure of
_scopeblock is documented below. - account
Key stringCert Field - Define subject identity field in certificate for user access right checking. Valid values:
othername,rfc822name,dnsname. - account
Key stringProcessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same,strip. - accounting
Servers ObjectUser Radius Dynamic Mapping Accounting Server[] - Accounting-Server. The structure of
accounting_serverblock is documented below. - acct
All stringServers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
disable,enable. - acct
Interim numberInterval - Time in seconds between each accounting interim update message.
- all
Usergroup string - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable,enable. - auth
Type string - Authentication methods/protocols permitted for this RADIUS server. Valid values:
pap,chap,ms_chap,ms_chap_v2,auto. - ca
Cert string - CA of server to trust under TLS.
- call
Station stringId Type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy,IP,MAC. - classes string[]
- Class attribute name(s).
- client
Cert string - Client certificate to use under TLS.
- delimiter string
- Delimiter. Valid values:
plus,comma. - dp
Carrier stringEndpoint Attribute - Dp-Carrier-Endpoint-Attribute. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Vendor-Specific,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - dp
Carrier stringEndpoint Block Attribute - Dp-Carrier-Endpoint-Block-Attribute. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Vendor-Specific,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - dp
Context numberTimeout - Dp-Context-Timeout.
- dp
Flush stringIp Session - Dp-Flush-Ip-Session. Valid values:
disable,enable. - dp
Hold numberTime - Dp-Hold-Time.
- dp
Http stringHeader - Dp-Http-Header.
- dp
Http stringHeader Fallback - Dp-Http-Header-Fallback. Valid values:
ip-header-address,default-profile. - dp
Http stringHeader Status - Dp-Http-Header-Status. Valid values:
disable,enable. - dp
Http stringHeader Suppress - Dp-Http-Header-Suppress. Valid values:
disable,enable. - dp
Log string[]Dyn Flags - Dp-Log-Dyn_Flags. Valid values:
none,protocol-error,profile-missing,context-missing,accounting-stop-missed,accounting-event,radiusd-other,endpoint-block. - dp
Log numberPeriod - Dp-Log-Period.
- dp
Mem numberPercent - Dp-Mem-Percent.
- dp
Profile stringAttribute - Dp-Profile-Attribute. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Vendor-Specific,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - dp
Profile stringAttribute Key - Dp-Profile-Attribute-Key.
- dp
Radius stringResponse - Dp-Radius-Response. Valid values:
disable,enable. - dp
Radius numberServer Port - Dp-Radius-Server-Port.
- dp
Secrets string[] - Dp-Secret.
- dp
Validate stringRequest Secret - Dp-Validate-Request-Secret. Valid values:
disable,enable. - dynamic
Profile string - Dynamic-Profile. Valid values:
disable,enable. - endpoint
Translation string - Endpoint-Translation. Valid values:
disable,enable. - ep
Carrier stringEndpoint Convert Hex - Ep-Carrier-Endpoint-Convert-Hex. Valid values:
disable,enable. - ep
Carrier stringEndpoint Header - Ep-Carrier-Endpoint-Header.
- ep
Carrier stringEndpoint Header Suppress - Ep-Carrier-Endpoint-Header-Suppress. Valid values:
disable,enable. - ep
Carrier stringEndpoint Prefix - Ep-Carrier-Endpoint-Prefix. Valid values:
disable,enable. - ep
Carrier numberEndpoint Prefix Range Max - Ep-Carrier-Endpoint-Prefix-Range-Max.
- ep
Carrier numberEndpoint Prefix Range Min - Ep-Carrier-Endpoint-Prefix-Range-Min.
- ep
Carrier stringEndpoint Prefix String - Ep-Carrier-Endpoint-Prefix-String.
- ep
Carrier stringEndpoint Source - Ep-Carrier-Endpoint-Source. Valid values:
http-header,cookie. - ep
Ip stringHeader - Ep-Ip-Header.
- ep
Ip stringHeader Suppress - Ep-Ip-Header-Suppress. Valid values:
disable,enable. - ep
Missing stringHeader Fallback - Ep-Missing-Header-Fallback. Valid values:
session-ip,policy-profile. - ep
Profile stringQuery Type - Ep-Profile-Query-Type. Valid values:
session-ip,extract-ip,extract-carrier-endpoint. - group
Override stringAttr Type - Group-Override-Attr-Type. Valid values:
filter-Id,class. - h3c
Compatibility string - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
disable,enable. - interface string
- Specify outgoing interface to reach server.
- interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - mac
Case string - MAC authentication case (default = lowercase). Valid values:
uppercase,lowercase. - mac
Password stringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - mac
Username stringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - nas
Id string - Custom NAS identifier.
- nas
Id stringType - NAS identifier type configuration (default = legacy). Valid values:
legacy,custom,hostname. - nas
Ip string - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- password
Encoding string - Password encoding. Valid values:
ISO-8859-1,auto. - password
Renewal string - Enable/disable password renewal. Valid values:
disable,enable. - radius
Coa string - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
disable,enable. - radius
Port number - RADIUS service port number.
- rsso string
- Enable/disable RADIUS based single sign on feature. Valid values:
disable,enable. - rsso
Context numberTimeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rsso
Endpoint stringAttribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - rsso
Endpoint stringBlock Attribute - RADIUS attributes used to block a user. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - rsso
Ep stringOne Ip Only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
disable,enable. - rsso
Flush stringIp Session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
disable,enable. - rsso
Log string[]Flags - Events to log. Valid values:
none,protocol-error,profile-missing,context-missing,accounting-stop-missed,accounting-event,radiusd-other,endpoint-block. - rsso
Log numberPeriod - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rsso
Radius stringResponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
disable,enable. - rsso
Radius numberServer Port - UDP port to listen on for RADIUS Start and Stop records.
- rsso
Secrets string[] - RADIUS secret used by the RADIUS accounting server.
- rsso
Validate stringRequest Secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
disable,enable. - secondary
Secrets string[] - Secret key to access the secondary server.
- secondary
Server string - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secrets string[]
- Pre-shared secret key used to access the primary RADIUS server.
- server string
- Primary RADIUS server CN domain name or IP address.
- server
Identity stringCheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
disable,enable. - source
Ip string - Source IP address for communications to the RADIUS server.
- source
Ip string[]Interfaces - Source interface for communication with the RADIUS server.
- sso
Attribute string - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - sso
Attribute stringKey - Key prefix for SSO group value in the SSO attribute.
- sso
Attribute stringValue Override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
disable,enable. - status
Ttl number - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switch
Controller numberAcct Fast Framedip Detect - Switch-Controller-Acct-Fast-Framedip-Detect.
- switch
Controller stringNas Ip Dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
disable,enable. - switch
Controller string[]Service Types - Switch-Controller-Service-Type. Valid values:
login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative. - tertiary
Secrets string[] - Secret key to access the tertiary server.
- tertiary
Server string - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout number
- Time in seconds between re-sending authentication requests.
- tls
Min stringProto Version - Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values:
default,TLSv1,TLSv1-1,TLSv1-2,SSLv3. - transport
Protocol string - Transport protocol to be used (default = udp). Valid values:
udp,tcp,tls. - use
Group stringFor Profile - Use-Group-For-Profile. Valid values:
disable,enable. - use
Management stringVdom - Enable/disable using management VDOM to send requests. Valid values:
disable,enable. - username
Case stringSensitive - Enable/disable case sensitive user names. Valid values:
disable,enable.
- _
scopes Sequence[ObjectUser Radius Dynamic Mapping_Scope] - _Scope. The structure of
_scopeblock is documented below. - account_
key_ strcert_ field - Define subject identity field in certificate for user access right checking. Valid values:
othername,rfc822name,dnsname. - account_
key_ strprocessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same,strip. - accounting_
servers Sequence[ObjectUser Radius Dynamic Mapping Accounting Server] - Accounting-Server. The structure of
accounting_serverblock is documented below. - acct_
all_ strservers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
disable,enable. - acct_
interim_ floatinterval - Time in seconds between each accounting interim update message.
- all_
usergroup str - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable,enable. - auth_
type str - Authentication methods/protocols permitted for this RADIUS server. Valid values:
pap,chap,ms_chap,ms_chap_v2,auto. - ca_
cert str - CA of server to trust under TLS.
- call_
station_ strid_ type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy,IP,MAC. - classes Sequence[str]
- Class attribute name(s).
- client_
cert str - Client certificate to use under TLS.
- delimiter str
- Delimiter. Valid values:
plus,comma. - dp_
carrier_ strendpoint_ attribute - Dp-Carrier-Endpoint-Attribute. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Vendor-Specific,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - dp_
carrier_ strendpoint_ block_ attribute - Dp-Carrier-Endpoint-Block-Attribute. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Vendor-Specific,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - dp_
context_ floattimeout - Dp-Context-Timeout.
- dp_
flush_ strip_ session - Dp-Flush-Ip-Session. Valid values:
disable,enable. - dp_
hold_ floattime - Dp-Hold-Time.
- dp_
http_ strheader - Dp-Http-Header.
- dp_
http_ strheader_ fallback - Dp-Http-Header-Fallback. Valid values:
ip-header-address,default-profile. - dp_
http_ strheader_ status - Dp-Http-Header-Status. Valid values:
disable,enable. - dp_
http_ strheader_ suppress - Dp-Http-Header-Suppress. Valid values:
disable,enable. - dp_
log_ Sequence[str]dyn_ flags - Dp-Log-Dyn_Flags. Valid values:
none,protocol-error,profile-missing,context-missing,accounting-stop-missed,accounting-event,radiusd-other,endpoint-block. - dp_
log_ floatperiod - Dp-Log-Period.
- dp_
mem_ floatpercent - Dp-Mem-Percent.
- dp_
profile_ strattribute - Dp-Profile-Attribute. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Vendor-Specific,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - dp_
profile_ strattribute_ key - Dp-Profile-Attribute-Key.
- dp_
radius_ strresponse - Dp-Radius-Response. Valid values:
disable,enable. - dp_
radius_ floatserver_ port - Dp-Radius-Server-Port.
- dp_
secrets Sequence[str] - Dp-Secret.
- dp_
validate_ strrequest_ secret - Dp-Validate-Request-Secret. Valid values:
disable,enable. - dynamic_
profile str - Dynamic-Profile. Valid values:
disable,enable. - endpoint_
translation str - Endpoint-Translation. Valid values:
disable,enable. - ep_
carrier_ strendpoint_ convert_ hex - Ep-Carrier-Endpoint-Convert-Hex. Valid values:
disable,enable. - ep_
carrier_ strendpoint_ header - Ep-Carrier-Endpoint-Header.
- ep_
carrier_ strendpoint_ header_ suppress - Ep-Carrier-Endpoint-Header-Suppress. Valid values:
disable,enable. - ep_
carrier_ strendpoint_ prefix - Ep-Carrier-Endpoint-Prefix. Valid values:
disable,enable. - ep_
carrier_ floatendpoint_ prefix_ range_ max - Ep-Carrier-Endpoint-Prefix-Range-Max.
- ep_
carrier_ floatendpoint_ prefix_ range_ min - Ep-Carrier-Endpoint-Prefix-Range-Min.
- ep_
carrier_ strendpoint_ prefix_ string - Ep-Carrier-Endpoint-Prefix-String.
- ep_
carrier_ strendpoint_ source - Ep-Carrier-Endpoint-Source. Valid values:
http-header,cookie. - ep_
ip_ strheader - Ep-Ip-Header.
- ep_
ip_ strheader_ suppress - Ep-Ip-Header-Suppress. Valid values:
disable,enable. - ep_
missing_ strheader_ fallback - Ep-Missing-Header-Fallback. Valid values:
session-ip,policy-profile. - ep_
profile_ strquery_ type - Ep-Profile-Query-Type. Valid values:
session-ip,extract-ip,extract-carrier-endpoint. - group_
override_ strattr_ type - Group-Override-Attr-Type. Valid values:
filter-Id,class. - h3c_
compatibility str - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
disable,enable. - interface str
- Specify outgoing interface to reach server.
- interface_
select_ strmethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - mac_
case str - MAC authentication case (default = lowercase). Valid values:
uppercase,lowercase. - mac_
password_ strdelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - mac_
username_ strdelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - nas_
id str - Custom NAS identifier.
- nas_
id_ strtype - NAS identifier type configuration (default = legacy). Valid values:
legacy,custom,hostname. - nas_
ip str - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- password_
encoding str - Password encoding. Valid values:
ISO-8859-1,auto. - password_
renewal str - Enable/disable password renewal. Valid values:
disable,enable. - radius_
coa str - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
disable,enable. - radius_
port float - RADIUS service port number.
- rsso str
- Enable/disable RADIUS based single sign on feature. Valid values:
disable,enable. - rsso_
context_ floattimeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rsso_
endpoint_ strattribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - rsso_
endpoint_ strblock_ attribute - RADIUS attributes used to block a user. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - rsso_
ep_ strone_ ip_ only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
disable,enable. - rsso_
flush_ strip_ session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
disable,enable. - rsso_
log_ Sequence[str]flags - Events to log. Valid values:
none,protocol-error,profile-missing,context-missing,accounting-stop-missed,accounting-event,radiusd-other,endpoint-block. - rsso_
log_ floatperiod - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rsso_
radius_ strresponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
disable,enable. - rsso_
radius_ floatserver_ port - UDP port to listen on for RADIUS Start and Stop records.
- rsso_
secrets Sequence[str] - RADIUS secret used by the RADIUS accounting server.
- rsso_
validate_ strrequest_ secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
disable,enable. - secondary_
secrets Sequence[str] - Secret key to access the secondary server.
- secondary_
server str - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secrets Sequence[str]
- Pre-shared secret key used to access the primary RADIUS server.
- server str
- Primary RADIUS server CN domain name or IP address.
- server_
identity_ strcheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
disable,enable. - source_
ip str - Source IP address for communications to the RADIUS server.
- source_
ip_ Sequence[str]interfaces - Source interface for communication with the RADIUS server.
- sso_
attribute str - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - sso_
attribute_ strkey - Key prefix for SSO group value in the SSO attribute.
- sso_
attribute_ strvalue_ override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
disable,enable. - status_
ttl float - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switch_
controller_ floatacct_ fast_ framedip_ detect - Switch-Controller-Acct-Fast-Framedip-Detect.
- switch_
controller_ strnas_ ip_ dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
disable,enable. - switch_
controller_ Sequence[str]service_ types - Switch-Controller-Service-Type. Valid values:
login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative. - tertiary_
secrets Sequence[str] - Secret key to access the tertiary server.
- tertiary_
server str - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout float
- Time in seconds between re-sending authentication requests.
- tls_
min_ strproto_ version - Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values:
default,TLSv1,TLSv1-1,TLSv1-2,SSLv3. - transport_
protocol str - Transport protocol to be used (default = udp). Valid values:
udp,tcp,tls. - use_
group_ strfor_ profile - Use-Group-For-Profile. Valid values:
disable,enable. - use_
management_ strvdom - Enable/disable using management VDOM to send requests. Valid values:
disable,enable. - username_
case_ strsensitive - Enable/disable case sensitive user names. Valid values:
disable,enable.
- _
scopes List<Property Map> - _Scope. The structure of
_scopeblock is documented below. - account
Key StringCert Field - Define subject identity field in certificate for user access right checking. Valid values:
othername,rfc822name,dnsname. - account
Key StringProcessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same,strip. - accounting
Servers List<Property Map> - Accounting-Server. The structure of
accounting_serverblock is documented below. - acct
All StringServers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
disable,enable. - acct
Interim NumberInterval - Time in seconds between each accounting interim update message.
- all
Usergroup String - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable,enable. - auth
Type String - Authentication methods/protocols permitted for this RADIUS server. Valid values:
pap,chap,ms_chap,ms_chap_v2,auto. - ca
Cert String - CA of server to trust under TLS.
- call
Station StringId Type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy,IP,MAC. - classes List<String>
- Class attribute name(s).
- client
Cert String - Client certificate to use under TLS.
- delimiter String
- Delimiter. Valid values:
plus,comma. - dp
Carrier StringEndpoint Attribute - Dp-Carrier-Endpoint-Attribute. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Vendor-Specific,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - dp
Carrier StringEndpoint Block Attribute - Dp-Carrier-Endpoint-Block-Attribute. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Vendor-Specific,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - dp
Context NumberTimeout - Dp-Context-Timeout.
- dp
Flush StringIp Session - Dp-Flush-Ip-Session. Valid values:
disable,enable. - dp
Hold NumberTime - Dp-Hold-Time.
- dp
Http StringHeader - Dp-Http-Header.
- dp
Http StringHeader Fallback - Dp-Http-Header-Fallback. Valid values:
ip-header-address,default-profile. - dp
Http StringHeader Status - Dp-Http-Header-Status. Valid values:
disable,enable. - dp
Http StringHeader Suppress - Dp-Http-Header-Suppress. Valid values:
disable,enable. - dp
Log List<String>Dyn Flags - Dp-Log-Dyn_Flags. Valid values:
none,protocol-error,profile-missing,context-missing,accounting-stop-missed,accounting-event,radiusd-other,endpoint-block. - dp
Log NumberPeriod - Dp-Log-Period.
- dp
Mem NumberPercent - Dp-Mem-Percent.
- dp
Profile StringAttribute - Dp-Profile-Attribute. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Vendor-Specific,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - dp
Profile StringAttribute Key - Dp-Profile-Attribute-Key.
- dp
Radius StringResponse - Dp-Radius-Response. Valid values:
disable,enable. - dp
Radius NumberServer Port - Dp-Radius-Server-Port.
- dp
Secrets List<String> - Dp-Secret.
- dp
Validate StringRequest Secret - Dp-Validate-Request-Secret. Valid values:
disable,enable. - dynamic
Profile String - Dynamic-Profile. Valid values:
disable,enable. - endpoint
Translation String - Endpoint-Translation. Valid values:
disable,enable. - ep
Carrier StringEndpoint Convert Hex - Ep-Carrier-Endpoint-Convert-Hex. Valid values:
disable,enable. - ep
Carrier StringEndpoint Header - Ep-Carrier-Endpoint-Header.
- ep
Carrier StringEndpoint Header Suppress - Ep-Carrier-Endpoint-Header-Suppress. Valid values:
disable,enable. - ep
Carrier StringEndpoint Prefix - Ep-Carrier-Endpoint-Prefix. Valid values:
disable,enable. - ep
Carrier NumberEndpoint Prefix Range Max - Ep-Carrier-Endpoint-Prefix-Range-Max.
- ep
Carrier NumberEndpoint Prefix Range Min - Ep-Carrier-Endpoint-Prefix-Range-Min.
- ep
Carrier StringEndpoint Prefix String - Ep-Carrier-Endpoint-Prefix-String.
- ep
Carrier StringEndpoint Source - Ep-Carrier-Endpoint-Source. Valid values:
http-header,cookie. - ep
Ip StringHeader - Ep-Ip-Header.
- ep
Ip StringHeader Suppress - Ep-Ip-Header-Suppress. Valid values:
disable,enable. - ep
Missing StringHeader Fallback - Ep-Missing-Header-Fallback. Valid values:
session-ip,policy-profile. - ep
Profile StringQuery Type - Ep-Profile-Query-Type. Valid values:
session-ip,extract-ip,extract-carrier-endpoint. - group
Override StringAttr Type - Group-Override-Attr-Type. Valid values:
filter-Id,class. - h3c
Compatibility String - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
disable,enable. - interface String
- Specify outgoing interface to reach server.
- interface
Select StringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - mac
Case String - MAC authentication case (default = lowercase). Valid values:
uppercase,lowercase. - mac
Password StringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - mac
Username StringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen,single-hyphen,colon,none. - nas
Id String - Custom NAS identifier.
- nas
Id StringType - NAS identifier type configuration (default = legacy). Valid values:
legacy,custom,hostname. - nas
Ip String - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- password
Encoding String - Password encoding. Valid values:
ISO-8859-1,auto. - password
Renewal String - Enable/disable password renewal. Valid values:
disable,enable. - radius
Coa String - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
disable,enable. - radius
Port Number - RADIUS service port number.
- rsso String
- Enable/disable RADIUS based single sign on feature. Valid values:
disable,enable. - rsso
Context NumberTimeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rsso
Endpoint StringAttribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - rsso
Endpoint StringBlock Attribute - RADIUS attributes used to block a user. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - rsso
Ep StringOne Ip Only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
disable,enable. - rsso
Flush StringIp Session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
disable,enable. - rsso
Log List<String>Flags - Events to log. Valid values:
none,protocol-error,profile-missing,context-missing,accounting-stop-missed,accounting-event,radiusd-other,endpoint-block. - rsso
Log NumberPeriod - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rsso
Radius StringResponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
disable,enable. - rsso
Radius NumberServer Port - UDP port to listen on for RADIUS Start and Stop records.
- rsso
Secrets List<String> - RADIUS secret used by the RADIUS accounting server.
- rsso
Validate StringRequest Secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
disable,enable. - secondary
Secrets List<String> - Secret key to access the secondary server.
- secondary
Server String - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secrets List<String>
- Pre-shared secret key used to access the primary RADIUS server.
- server String
- Primary RADIUS server CN domain name or IP address.
- server
Identity StringCheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
disable,enable. - source
Ip String - Source IP address for communications to the RADIUS server.
- source
Ip List<String>Interfaces - Source interface for communication with the RADIUS server.
- sso
Attribute String - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name,User-Password,CHAP-Password,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,State,Class,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,CHAP-Challenge,NAS-Port-Type,Port-Limit,Login-LAT-Port. - sso
Attribute StringKey - Key prefix for SSO group value in the SSO attribute.
- sso
Attribute StringValue Override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
disable,enable. - status
Ttl Number - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switch
Controller NumberAcct Fast Framedip Detect - Switch-Controller-Acct-Fast-Framedip-Detect.
- switch
Controller StringNas Ip Dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
disable,enable. - switch
Controller List<String>Service Types - Switch-Controller-Service-Type. Valid values:
login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative. - tertiary
Secrets List<String> - Secret key to access the tertiary server.
- tertiary
Server String - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout Number
- Time in seconds between re-sending authentication requests.
- tls
Min StringProto Version - Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values:
default,TLSv1,TLSv1-1,TLSv1-2,SSLv3. - transport
Protocol String - Transport protocol to be used (default = udp). Valid values:
udp,tcp,tls. - use
Group StringFor Profile - Use-Group-For-Profile. Valid values:
disable,enable. - use
Management StringVdom - Enable/disable using management VDOM to send requests. Valid values:
disable,enable. - username
Case StringSensitive - Enable/disable case sensitive user names. Valid values:
disable,enable.
ObjectUserRadiusDynamicMappingAccountingServer, ObjectUserRadiusDynamicMappingAccountingServerArgs
- Id double
- ID (0 - 4294967295).
- Interface string
- Specify outgoing interface to reach server.
- Interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - Port double
- RADIUS accounting port number.
- Secrets List<string>
- Secret key.
- Server string
- {<name_str|ip_str>} Server CN domain name or IP.
- Source
Ip string - Source IP address for communications to the RADIUS server.
- Status string
- Status. Valid values:
disable,enable.
- Id float64
- ID (0 - 4294967295).
- Interface string
- Specify outgoing interface to reach server.
- Interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - Port float64
- RADIUS accounting port number.
- Secrets []string
- Secret key.
- Server string
- {<name_str|ip_str>} Server CN domain name or IP.
- Source
Ip string - Source IP address for communications to the RADIUS server.
- Status string
- Status. Valid values:
disable,enable.
- id Double
- ID (0 - 4294967295).
- interface
Select StringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - interface_ String
- Specify outgoing interface to reach server.
- port Double
- RADIUS accounting port number.
- secrets List<String>
- Secret key.
- server String
- {<name_str|ip_str>} Server CN domain name or IP.
- source
Ip String - Source IP address for communications to the RADIUS server.
- status String
- Status. Valid values:
disable,enable.
- id number
- ID (0 - 4294967295).
- interface string
- Specify outgoing interface to reach server.
- interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - port number
- RADIUS accounting port number.
- secrets string[]
- Secret key.
- server string
- {<name_str|ip_str>} Server CN domain name or IP.
- source
Ip string - Source IP address for communications to the RADIUS server.
- status string
- Status. Valid values:
disable,enable.
- id float
- ID (0 - 4294967295).
- interface str
- Specify outgoing interface to reach server.
- interface_
select_ strmethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - port float
- RADIUS accounting port number.
- secrets Sequence[str]
- Secret key.
- server str
- {<name_str|ip_str>} Server CN domain name or IP.
- source_
ip str - Source IP address for communications to the RADIUS server.
- status str
- Status. Valid values:
disable,enable.
- id Number
- ID (0 - 4294967295).
- interface String
- Specify outgoing interface to reach server.
- interface
Select StringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto,sdwan,specify. - port Number
- RADIUS accounting port number.
- secrets List<String>
- Secret key.
- server String
- {<name_str|ip_str>} Server CN domain name or IP.
- source
Ip String - Source IP address for communications to the RADIUS server.
- status String
- Status. Valid values:
disable,enable.
ObjectUserRadiusDynamicMapping_Scope, ObjectUserRadiusDynamicMapping_ScopeArgs
Import
ObjectUser Radius can be imported using any of these accepted formats:
$ export “FORTIMANAGER_IMPORT_TABLE”=“true”
$ pulumi import fortimanager:index/objectUserRadius:ObjectUserRadius labelname {{name}}
$ unset “FORTIMANAGER_IMPORT_TABLE”
-> Hint: The scopetype and adom for import will directly inherit the scopetype and adom configuration of the provider.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortimanager fortinetdev/terraform-provider-fortimanager
- License
- Notes
- This Pulumi package is based on the
fortimanagerTerraform Provider.
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev