FortiWLC – Local Admin Authentication

Leave a reply

Local Admin Authentication

Local admin authentication takes place on the controller and uses the same three privilege levels as RADIUS and TACACS+, 15 (superuser), 10 (admin), and 1 (user). If administrators are using Local authentication, they cannot use RADIUS or TACACS+.

Configure an Admin for Local Authentication Mode With the CLI

Use these commands, new in release 4.1, to configure local administrators with the CLI:

  • authentication-mode global
  • authentication-type local
  • local-admin
  • password
  • privilege-level
  • show local admins

For command details, see the FortiWLC (SD) Command Reference.

Local Admin Authentication

CLI Example for Configuring a Local Admin

ramcntrl(0)# configure terminal ramcntrl(0)(config)# authentication‐mode global ramcntrl(0)(config‐auth‐mode)# authentication‐type local ramcntrl(0)(config‐auth‐mode)# exit ramcntrl(0)(config)# exit

ramcntrl(0)# sh authentication‐mode Administrative User Management

AuthenticationType           : local

Primary RADIUS IP Address    : 0.0.0.0

Primary RADIUS Port          : 1812

Primary RADIUS Secret Key    : *****

Secondary RADIUS IP Address  : 0.0.0.0

Secondary RADIUS Port        : 1812

Secondary RADIUS Secret Key  : *****

Primary TACACS+ IP Address   : 0.0.0.0

Primary TACACS+ Port         : 49

Primary TACACS+ Secret Key   : *****

Secondary TACACS+ IP Address : 0.0.0.0

Secondary TACACS+ Port       : 49 Secondary TACACS+ Secret Key : ***** ramcntrl(0)#

ramcntrl(0)(config)# local‐admin LocalUser ramcntrl(0)(config‐local‐admin)# privilege‐level 15 ramcntrl(0)(config‐local‐admin)# password LocalUser ramcntrl(0)(config‐local‐admin)# exit ramcntrl(0)(config)# exit ramcntrl(0)

Configure Local Authentication and Add an Admin with the Web UI

To configure Local authentication for admins and optionally add a local administrator, follow these steps:

  1. Click Configuration > User Management.
  2. Select the Local radio button at the top of the screen.

To actually add a local administrator, continue with Step 3.

  1. There are three tabs for admin authentication (see Figure 55), RADIUS, Tacacs+ and Local Admins. Click the Local Admin tab.
  2. Click Add. The Local Admins – Add window displays – see Figure 56.

Local Admin Authentication

Figure 56: Setting Local Authentication for Admins

  1. Provide the user name for a local administrator.
  2. Provide a password for that local administrator.
  3. Enter a privilege level, 15 (Superuser), 10 (Admin), or 1 (Operator); see the descriptions for each level below.
  4. Click OK.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

This entry was posted in Administration Guides, FortiWLC on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.