You are reading an unmaintained version of the Ansible documentation. Unmaintained Ansible versions can contain unfixed security vulnerabilities (CVE). Please upgrade to a maintained version. See the latest Ansible documentation.

fortinet.fortimanager.fmgr_user_radius module – Configure RADIUS server entries.

Note

This module is part of the fortinet.fortimanager collection (version 2.2.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_user_radius.

New in fortinet.fortimanager 2.0.0

Synopsis
Parameters
Notes
Examples
Return Values

Synopsis 

This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters 

Parameter	Comments
access_token string	The token to access FortiManager without using username and password.
adom string / required	the parameter (adom) in requested url
bypass_validation boolean	Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices: `false` ← (default) `true`
enable_log boolean	Enable/Disable logging for task. Choices: `false` ← (default) `true`
forticloud_access_token string	Authenticate Ansible client with forticloud API access token.
proposed_method string	The overridden method for the underlying Json RPC request. Choices: `"update"` `"set"` `"add"`
rc_failed list / elements=integer	The rc codes list with which the conditions to fail will be overriden.
rc_succeeded list / elements=integer	The rc codes list with which the conditions to succeed will be overriden.
state string / required	The directive to create, update or delete an object. Choices: `"present"` `"absent"`
user_radius dictionary	the top level parameters set
accounting-server list / elements=dictionary	Accounting-Server.
id integer	ID
interface string	Specify outgoing interface to reach server.
interface-select-method string	Specify how to select outgoing interface to reach server. Choices: `"auto"` `"sdwan"` `"specify"`
port integer	RADIUS accounting port number.
secret string	Secret key.
server string	no description
source-ip string	Source IP address for communications to the RADIUS server.
status string	Status. Choices: `"disable"` `"enable"`
acct-all-servers string	Enable/disable sending of accounting messages to all configured servers Choices: `"disable"` `"enable"`
acct-interim-interval integer	Time in seconds between each accounting interim update message.
all-usergroup string	Enable/disable automatically including this RADIUS server in all user groups. Choices: `"disable"` `"enable"`
auth-type string	Authentication methods/protocols permitted for this RADIUS server. Choices: `"pap"` `"chap"` `"ms_chap"` `"ms_chap_v2"` `"auto"`
ca-cert string	CA of server to trust under TLS.
class string	Class attribute name
client-cert string	Client certificate to use under TLS.
delimiter string	Configure delimiter to be used for separating profile group names in the SSO attribute Choices: `"plus"` `"comma"`
dynamic_mapping list / elements=dictionary	Dynamic_Mapping.
_scope list / elements=dictionary	_Scope.
name string	Name.
vdom string	Vdom.
accounting-server list / elements=dictionary	Accounting-Server.
id integer	ID
interface string	Specify outgoing interface to reach server.
interface-select-method string	Specify how to select outgoing interface to reach server. Choices: `"auto"` `"sdwan"` `"specify"`
port integer	RADIUS accounting port number.
secret string	Secret key.
server string	no description
source-ip string	Source IP address for communications to the RADIUS server.
status string	Status. Choices: `"disable"` `"enable"`
acct-all-servers string	Enable/disable sending of accounting messages to all configured servers Choices: `"disable"` `"enable"`
acct-interim-interval integer	Time in seconds between each accounting interim update message.
all-usergroup string	Enable/disable automatically including this RADIUS server in all user groups. Choices: `"disable"` `"enable"`
auth-type string	Authentication methods/protocols permitted for this RADIUS server. Choices: `"pap"` `"chap"` `"ms_chap"` `"ms_chap_v2"` `"auto"`
ca-cert string	CA of server to trust under TLS.
class string	Class attribute name
client-cert string	Client certificate to use under TLS.
delimiter string	Configure delimiter to be used for separating profile group names in the SSO attribute Choices: `"plus"` `"comma"`
dp-carrier-endpoint-attribute string	Dp-Carrier-Endpoint-Attribute. Choices: `"User-Name"` `"User-Password"` `"CHAP-Password"` `"NAS-IP-Address"` `"NAS-Port"` `"Service-Type"` `"Framed-Protocol"` `"Framed-IP-Address"` `"Framed-IP-Netmask"` `"Framed-Routing"` `"Filter-Id"` `"Framed-MTU"` `"Framed-Compression"` `"Login-IP-Host"` `"Login-Service"` `"Login-TCP-Port"` `"Reply-Message"` `"Callback-Number"` `"Callback-Id"` `"Framed-Route"` `"Framed-IPX-Network"` `"State"` `"Class"` `"Vendor-Specific"` `"Session-Timeout"` `"Idle-Timeout"` `"Termination-Action"` `"Called-Station-Id"` `"Calling-Station-Id"` `"NAS-Identifier"` `"Proxy-State"` `"Login-LAT-Service"` `"Login-LAT-Node"` `"Login-LAT-Group"` `"Framed-AppleTalk-Link"` `"Framed-AppleTalk-Network"` `"Framed-AppleTalk-Zone"` `"Acct-Status-Type"` `"Acct-Delay-Time"` `"Acct-Input-Octets"` `"Acct-Output-Octets"` `"Acct-Session-Id"` `"Acct-Authentic"` `"Acct-Session-Time"` `"Acct-Input-Packets"` `"Acct-Output-Packets"` `"Acct-Terminate-Cause"` `"Acct-Multi-Session-Id"` `"Acct-Link-Count"` `"CHAP-Challenge"` `"NAS-Port-Type"` `"Port-Limit"` `"Login-LAT-Port"`
dp-carrier-endpoint-block-attribute string	Dp-Carrier-Endpoint-Block-Attribute. Choices: `"User-Name"` `"User-Password"` `"CHAP-Password"` `"NAS-IP-Address"` `"NAS-Port"` `"Service-Type"` `"Framed-Protocol"` `"Framed-IP-Address"` `"Framed-IP-Netmask"` `"Framed-Routing"` `"Filter-Id"` `"Framed-MTU"` `"Framed-Compression"` `"Login-IP-Host"` `"Login-Service"` `"Login-TCP-Port"` `"Reply-Message"` `"Callback-Number"` `"Callback-Id"` `"Framed-Route"` `"Framed-IPX-Network"` `"State"` `"Class"` `"Vendor-Specific"` `"Session-Timeout"` `"Idle-Timeout"` `"Termination-Action"` `"Called-Station-Id"` `"Calling-Station-Id"` `"NAS-Identifier"` `"Proxy-State"` `"Login-LAT-Service"` `"Login-LAT-Node"` `"Login-LAT-Group"` `"Framed-AppleTalk-Link"` `"Framed-AppleTalk-Network"` `"Framed-AppleTalk-Zone"` `"Acct-Status-Type"` `"Acct-Delay-Time"` `"Acct-Input-Octets"` `"Acct-Output-Octets"` `"Acct-Session-Id"` `"Acct-Authentic"` `"Acct-Session-Time"` `"Acct-Input-Packets"` `"Acct-Output-Packets"` `"Acct-Terminate-Cause"` `"Acct-Multi-Session-Id"` `"Acct-Link-Count"` `"CHAP-Challenge"` `"NAS-Port-Type"` `"Port-Limit"` `"Login-LAT-Port"`
dp-context-timeout integer	Dp-Context-Timeout.
dp-flush-ip-session string	Dp-Flush-Ip-Session. Choices: `"disable"` `"enable"`
dp-hold-time integer	Dp-Hold-Time.
dp-http-header string	Dp-Http-Header.
dp-http-header-fallback string	Dp-Http-Header-Fallback. Choices: `"ip-header-address"` `"default-profile"`
dp-http-header-status string	Dp-Http-Header-Status. Choices: `"disable"` `"enable"`
dp-http-header-suppress string	Dp-Http-Header-Suppress. Choices: `"disable"` `"enable"`
dp-log-dyn_flags list / elements=string	Dp-Log-Dyn_Flags. Choices: `"none"` `"protocol-error"` `"profile-missing"` `"context-missing"` `"accounting-stop-missed"` `"accounting-event"` `"radiusd-other"` `"endpoint-block"`
dp-log-period integer	Dp-Log-Period.
dp-mem-percent integer	Dp-Mem-Percent.
dp-profile-attribute string	Dp-Profile-Attribute. Choices: `"User-Name"` `"User-Password"` `"CHAP-Password"` `"NAS-IP-Address"` `"NAS-Port"` `"Service-Type"` `"Framed-Protocol"` `"Framed-IP-Address"` `"Framed-IP-Netmask"` `"Framed-Routing"` `"Filter-Id"` `"Framed-MTU"` `"Framed-Compression"` `"Login-IP-Host"` `"Login-Service"` `"Login-TCP-Port"` `"Reply-Message"` `"Callback-Number"` `"Callback-Id"` `"Framed-Route"` `"Framed-IPX-Network"` `"State"` `"Class"` `"Vendor-Specific"` `"Session-Timeout"` `"Idle-Timeout"` `"Termination-Action"` `"Called-Station-Id"` `"Calling-Station-Id"` `"NAS-Identifier"` `"Proxy-State"` `"Login-LAT-Service"` `"Login-LAT-Node"` `"Login-LAT-Group"` `"Framed-AppleTalk-Link"` `"Framed-AppleTalk-Network"` `"Framed-AppleTalk-Zone"` `"Acct-Status-Type"` `"Acct-Delay-Time"` `"Acct-Input-Octets"` `"Acct-Output-Octets"` `"Acct-Session-Id"` `"Acct-Authentic"` `"Acct-Session-Time"` `"Acct-Input-Packets"` `"Acct-Output-Packets"` `"Acct-Terminate-Cause"` `"Acct-Multi-Session-Id"` `"Acct-Link-Count"` `"CHAP-Challenge"` `"NAS-Port-Type"` `"Port-Limit"` `"Login-LAT-Port"`
dp-profile-attribute-key string	Dp-Profile-Attribute-Key.
dp-radius-response string	Dp-Radius-Response. Choices: `"disable"` `"enable"`
dp-radius-server-port integer	Dp-Radius-Server-Port.
dp-secret string	Dp-Secret.
dp-validate-request-secret string	Dp-Validate-Request-Secret. Choices: `"disable"` `"enable"`
dynamic-profile string	Dynamic-Profile. Choices: `"disable"` `"enable"`
endpoint-translation string	Endpoint-Translation. Choices: `"disable"` `"enable"`
ep-carrier-endpoint-convert-hex string	Ep-Carrier-Endpoint-Convert-Hex. Choices: `"disable"` `"enable"`
ep-carrier-endpoint-header string	Ep-Carrier-Endpoint-Header.
ep-carrier-endpoint-header-suppress string	Ep-Carrier-Endpoint-Header-Suppress. Choices: `"disable"` `"enable"`
ep-carrier-endpoint-prefix string	Ep-Carrier-Endpoint-Prefix. Choices: `"disable"` `"enable"`
ep-carrier-endpoint-prefix-range-max integer	Ep-Carrier-Endpoint-Prefix-Range-Max.
ep-carrier-endpoint-prefix-range-min integer	Ep-Carrier-Endpoint-Prefix-Range-Min.
ep-carrier-endpoint-prefix-string string	Ep-Carrier-Endpoint-Prefix-String.
ep-carrier-endpoint-source string	Ep-Carrier-Endpoint-Source. Choices: `"http-header"` `"cookie"`
ep-ip-header string	Ep-Ip-Header.
ep-ip-header-suppress string	Ep-Ip-Header-Suppress. Choices: `"disable"` `"enable"`
ep-missing-header-fallback string	Ep-Missing-Header-Fallback. Choices: `"session-ip"` `"policy-profile"`
ep-profile-query-type string	Ep-Profile-Query-Type. Choices: `"session-ip"` `"extract-ip"` `"extract-carrier-endpoint"`
group-override-attr-type string	Group-Override-Attr-Type. Choices: `"filter-Id"` `"class"`
h3c-compatibility string	Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Choices: `"disable"` `"enable"`
interface string	Specify outgoing interface to reach server.
interface-select-method string	Specify how to select outgoing interface to reach server. Choices: `"auto"` `"sdwan"` `"specify"`
mac-case string	MAC authentication case Choices: `"uppercase"` `"lowercase"`
mac-password-delimiter string	MAC authentication password delimiter Choices: `"hyphen"` `"single-hyphen"` `"colon"` `"none"`
mac-username-delimiter string	MAC authentication username delimiter Choices: `"hyphen"` `"single-hyphen"` `"colon"` `"none"`
nas-id string	Custom NAS identifier.
nas-id-type string	NAS identifier type configuration Choices: `"legacy"` `"custom"` `"hostname"`
nas-ip string	IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
password-encoding string	Password encoding. Choices: `"ISO-8859-1"` `"auto"`
password-renewal string	Enable/disable password renewal. Choices: `"disable"` `"enable"`
radius-coa string	Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after … Choices: `"disable"` `"enable"`
radius-port integer	RADIUS service port number.
rsso string	Enable/disable RADIUS based single sign on feature. Choices: `"disable"` `"enable"`
rsso-context-timeout integer	Time in seconds before the logged out user is removed from the user context list of logged on users.
rsso-endpoint-attribute string	RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Choices: `"User-Name"` `"User-Password"` `"CHAP-Password"` `"NAS-IP-Address"` `"NAS-Port"` `"Service-Type"` `"Framed-Protocol"` `"Framed-IP-Address"` `"Framed-IP-Netmask"` `"Framed-Routing"` `"Filter-Id"` `"Framed-MTU"` `"Framed-Compression"` `"Login-IP-Host"` `"Login-Service"` `"Login-TCP-Port"` `"Reply-Message"` `"Callback-Number"` `"Callback-Id"` `"Framed-Route"` `"Framed-IPX-Network"` `"State"` `"Class"` `"Session-Timeout"` `"Idle-Timeout"` `"Termination-Action"` `"Called-Station-Id"` `"Calling-Station-Id"` `"NAS-Identifier"` `"Proxy-State"` `"Login-LAT-Service"` `"Login-LAT-Node"` `"Login-LAT-Group"` `"Framed-AppleTalk-Link"` `"Framed-AppleTalk-Network"` `"Framed-AppleTalk-Zone"` `"Acct-Status-Type"` `"Acct-Delay-Time"` `"Acct-Input-Octets"` `"Acct-Output-Octets"` `"Acct-Session-Id"` `"Acct-Authentic"` `"Acct-Session-Time"` `"Acct-Input-Packets"` `"Acct-Output-Packets"` `"Acct-Terminate-Cause"` `"Acct-Multi-Session-Id"` `"Acct-Link-Count"` `"CHAP-Challenge"` `"NAS-Port-Type"` `"Port-Limit"` `"Login-LAT-Port"`
rsso-endpoint-block-attribute string	RADIUS attributes used to block a user. Choices: `"User-Name"` `"User-Password"` `"CHAP-Password"` `"NAS-IP-Address"` `"NAS-Port"` `"Service-Type"` `"Framed-Protocol"` `"Framed-IP-Address"` `"Framed-IP-Netmask"` `"Framed-Routing"` `"Filter-Id"` `"Framed-MTU"` `"Framed-Compression"` `"Login-IP-Host"` `"Login-Service"` `"Login-TCP-Port"` `"Reply-Message"` `"Callback-Number"` `"Callback-Id"` `"Framed-Route"` `"Framed-IPX-Network"` `"State"` `"Class"` `"Session-Timeout"` `"Idle-Timeout"` `"Termination-Action"` `"Called-Station-Id"` `"Calling-Station-Id"` `"NAS-Identifier"` `"Proxy-State"` `"Login-LAT-Service"` `"Login-LAT-Node"` `"Login-LAT-Group"` `"Framed-AppleTalk-Link"` `"Framed-AppleTalk-Network"` `"Framed-AppleTalk-Zone"` `"Acct-Status-Type"` `"Acct-Delay-Time"` `"Acct-Input-Octets"` `"Acct-Output-Octets"` `"Acct-Session-Id"` `"Acct-Authentic"` `"Acct-Session-Time"` `"Acct-Input-Packets"` `"Acct-Output-Packets"` `"Acct-Terminate-Cause"` `"Acct-Multi-Session-Id"` `"Acct-Link-Count"` `"CHAP-Challenge"` `"NAS-Port-Type"` `"Port-Limit"` `"Login-LAT-Port"`
rsso-ep-one-ip-only string	Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Choices: `"disable"` `"enable"`
rsso-flush-ip-session string	Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Choices: `"disable"` `"enable"`
rsso-log-flags list / elements=string	Events to log. Choices: `"none"` `"protocol-error"` `"profile-missing"` `"context-missing"` `"accounting-stop-missed"` `"accounting-event"` `"radiusd-other"` `"endpoint-block"`
rsso-log-period integer	Time interval in seconds that group event log messages will be generated for dynamic profile events.
rsso-radius-response string	Enable/disable sending RADIUS response packets after receiving Start and Stop records. Choices: `"disable"` `"enable"`
rsso-radius-server-port integer	UDP port to listen on for RADIUS Start and Stop records.
rsso-secret string	RADIUS secret used by the RADIUS accounting server.
rsso-validate-request-secret string	Enable/disable validating the RADIUS request shared secret in the Start or End record. Choices: `"disable"` `"enable"`
secondary-secret string	Secret key to access the secondary server.
secondary-server string	no description
secret string	Pre-shared secret key used to access the primary RADIUS server.
server string	Primary RADIUS server CN domain name or IP address.
server-identity-check string	Enable/disable RADIUS server identity check Choices: `"disable"` `"enable"`
source-ip string	Source IP address for communications to the RADIUS server.
sso-attribute string	RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Choices: `"User-Name"` `"User-Password"` `"CHAP-Password"` `"NAS-IP-Address"` `"NAS-Port"` `"Service-Type"` `"Framed-Protocol"` `"Framed-IP-Address"` `"Framed-IP-Netmask"` `"Framed-Routing"` `"Filter-Id"` `"Framed-MTU"` `"Framed-Compression"` `"Login-IP-Host"` `"Login-Service"` `"Login-TCP-Port"` `"Reply-Message"` `"Callback-Number"` `"Callback-Id"` `"Framed-Route"` `"Framed-IPX-Network"` `"State"` `"Class"` `"Session-Timeout"` `"Idle-Timeout"` `"Termination-Action"` `"Called-Station-Id"` `"Calling-Station-Id"` `"NAS-Identifier"` `"Proxy-State"` `"Login-LAT-Service"` `"Login-LAT-Node"` `"Login-LAT-Group"` `"Framed-AppleTalk-Link"` `"Framed-AppleTalk-Network"` `"Framed-AppleTalk-Zone"` `"Acct-Status-Type"` `"Acct-Delay-Time"` `"Acct-Input-Octets"` `"Acct-Output-Octets"` `"Acct-Session-Id"` `"Acct-Authentic"` `"Acct-Session-Time"` `"Acct-Input-Packets"` `"Acct-Output-Packets"` `"Acct-Terminate-Cause"` `"Acct-Multi-Session-Id"` `"Acct-Link-Count"` `"CHAP-Challenge"` `"NAS-Port-Type"` `"Port-Limit"` `"Login-LAT-Port"`
sso-attribute-key string	Key prefix for SSO group value in the SSO attribute.
sso-attribute-value-override string	Enable/disable override old attribute value with new value for the same endpoint. Choices: `"disable"` `"enable"`
status-ttl integer	Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least …
switch-controller-acct-fast-framedip-detect integer	Switch-Controller-Acct-Fast-Framedip-Detect.
switch-controller-service-type list / elements=string	Switch-Controller-Service-Type. Choices: `"login"` `"framed"` `"callback-login"` `"callback-framed"` `"outbound"` `"administrative"` `"nas-prompt"` `"authenticate-only"` `"callback-nas-prompt"` `"call-check"` `"callback-administrative"`
tertiary-secret string	Secret key to access the tertiary server.
tertiary-server string	no description
timeout integer	Time in seconds between re-sending authentication requests.
tls-min-proto-version string	Minimum supported protocol version for TLS connections Choices: `"default"` `"TLSv1"` `"TLSv1-1"` `"TLSv1-2"` `"SSLv3"`
transport-protocol string	Transport protocol to be used Choices: `"udp"` `"tcp"` `"tls"`
use-group-for-profile string	Use-Group-For-Profile. Choices: `"disable"` `"enable"`
use-management-vdom string	Enable/disable using management VDOM to send requests. Choices: `"disable"` `"enable"`
username-case-sensitive string	Enable/disable case sensitive user names. Choices: `"disable"` `"enable"`
group-override-attr-type string	RADIUS attribute type to override user group information. Choices: `"filter-Id"` `"class"`
h3c-compatibility string	Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Choices: `"disable"` `"enable"`
interface string	Specify outgoing interface to reach server.
interface-select-method string	Specify how to select outgoing interface to reach server. Choices: `"auto"` `"sdwan"` `"specify"`
mac-case string	MAC authentication case Choices: `"uppercase"` `"lowercase"`
mac-password-delimiter string	MAC authentication password delimiter Choices: `"hyphen"` `"single-hyphen"` `"colon"` `"none"`
mac-username-delimiter string	MAC authentication username delimiter Choices: `"hyphen"` `"single-hyphen"` `"colon"` `"none"`
name string	RADIUS server entry name.
nas-id string	Custom NAS identifier.
nas-id-type string	NAS identifier type configuration Choices: `"legacy"` `"custom"` `"hostname"`
nas-ip string	IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
password-encoding string	Password encoding. Choices: `"ISO-8859-1"` `"auto"`
password-renewal string	Enable/disable password renewal. Choices: `"disable"` `"enable"`
radius-coa string	Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is au… Choices: `"disable"` `"enable"`
radius-port integer	RADIUS service port number.
rsso string	Enable/disable RADIUS based single sign on feature. Choices: `"disable"` `"enable"`
rsso-context-timeout integer	Time in seconds before the logged out user is removed from the user context list of logged on users.
rsso-endpoint-attribute string	RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Choices: `"User-Name"` `"User-Password"` `"CHAP-Password"` `"NAS-IP-Address"` `"NAS-Port"` `"Service-Type"` `"Framed-Protocol"` `"Framed-IP-Address"` `"Framed-IP-Netmask"` `"Framed-Routing"` `"Filter-Id"` `"Framed-MTU"` `"Framed-Compression"` `"Login-IP-Host"` `"Login-Service"` `"Login-TCP-Port"` `"Reply-Message"` `"Callback-Number"` `"Callback-Id"` `"Framed-Route"` `"Framed-IPX-Network"` `"State"` `"Class"` `"Session-Timeout"` `"Idle-Timeout"` `"Termination-Action"` `"Called-Station-Id"` `"Calling-Station-Id"` `"NAS-Identifier"` `"Proxy-State"` `"Login-LAT-Service"` `"Login-LAT-Node"` `"Login-LAT-Group"` `"Framed-AppleTalk-Link"` `"Framed-AppleTalk-Network"` `"Framed-AppleTalk-Zone"` `"Acct-Status-Type"` `"Acct-Delay-Time"` `"Acct-Input-Octets"` `"Acct-Output-Octets"` `"Acct-Session-Id"` `"Acct-Authentic"` `"Acct-Session-Time"` `"Acct-Input-Packets"` `"Acct-Output-Packets"` `"Acct-Terminate-Cause"` `"Acct-Multi-Session-Id"` `"Acct-Link-Count"` `"CHAP-Challenge"` `"NAS-Port-Type"` `"Port-Limit"` `"Login-LAT-Port"`
rsso-endpoint-block-attribute string	RADIUS attributes used to block a user. Choices: `"User-Name"` `"User-Password"` `"CHAP-Password"` `"NAS-IP-Address"` `"NAS-Port"` `"Service-Type"` `"Framed-Protocol"` `"Framed-IP-Address"` `"Framed-IP-Netmask"` `"Framed-Routing"` `"Filter-Id"` `"Framed-MTU"` `"Framed-Compression"` `"Login-IP-Host"` `"Login-Service"` `"Login-TCP-Port"` `"Reply-Message"` `"Callback-Number"` `"Callback-Id"` `"Framed-Route"` `"Framed-IPX-Network"` `"State"` `"Class"` `"Session-Timeout"` `"Idle-Timeout"` `"Termination-Action"` `"Called-Station-Id"` `"Calling-Station-Id"` `"NAS-Identifier"` `"Proxy-State"` `"Login-LAT-Service"` `"Login-LAT-Node"` `"Login-LAT-Group"` `"Framed-AppleTalk-Link"` `"Framed-AppleTalk-Network"` `"Framed-AppleTalk-Zone"` `"Acct-Status-Type"` `"Acct-Delay-Time"` `"Acct-Input-Octets"` `"Acct-Output-Octets"` `"Acct-Session-Id"` `"Acct-Authentic"` `"Acct-Session-Time"` `"Acct-Input-Packets"` `"Acct-Output-Packets"` `"Acct-Terminate-Cause"` `"Acct-Multi-Session-Id"` `"Acct-Link-Count"` `"CHAP-Challenge"` `"NAS-Port-Type"` `"Port-Limit"` `"Login-LAT-Port"`
rsso-ep-one-ip-only string	Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Choices: `"disable"` `"enable"`
rsso-flush-ip-session string	Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Choices: `"disable"` `"enable"`
rsso-log-flags list / elements=string	Events to log. Choices: `"none"` `"protocol-error"` `"profile-missing"` `"context-missing"` `"accounting-stop-missed"` `"accounting-event"` `"radiusd-other"` `"endpoint-block"`
rsso-log-period integer	Time interval in seconds that group event log messages will be generated for dynamic profile events.
rsso-radius-response string	Enable/disable sending RADIUS response packets after receiving Start and Stop records. Choices: `"disable"` `"enable"`
rsso-radius-server-port integer	UDP port to listen on for RADIUS Start and Stop records.
rsso-secret string	RADIUS secret used by the RADIUS accounting server.
rsso-validate-request-secret string	Enable/disable validating the RADIUS request shared secret in the Start or End record. Choices: `"disable"` `"enable"`
secondary-secret string	Secret key to access the secondary server.
secondary-server string	no description
secret string	Pre-shared secret key used to access the primary RADIUS server.
server string	Primary RADIUS server CN domain name or IP address.
server-identity-check string	Enable/disable RADIUS server identity check Choices: `"disable"` `"enable"`
source-ip string	Source IP address for communications to the RADIUS server.
sso-attribute string	RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Choices: `"User-Name"` `"User-Password"` `"CHAP-Password"` `"NAS-IP-Address"` `"NAS-Port"` `"Service-Type"` `"Framed-Protocol"` `"Framed-IP-Address"` `"Framed-IP-Netmask"` `"Framed-Routing"` `"Filter-Id"` `"Framed-MTU"` `"Framed-Compression"` `"Login-IP-Host"` `"Login-Service"` `"Login-TCP-Port"` `"Reply-Message"` `"Callback-Number"` `"Callback-Id"` `"Framed-Route"` `"Framed-IPX-Network"` `"State"` `"Class"` `"Session-Timeout"` `"Idle-Timeout"` `"Termination-Action"` `"Called-Station-Id"` `"Calling-Station-Id"` `"NAS-Identifier"` `"Proxy-State"` `"Login-LAT-Service"` `"Login-LAT-Node"` `"Login-LAT-Group"` `"Framed-AppleTalk-Link"` `"Framed-AppleTalk-Network"` `"Framed-AppleTalk-Zone"` `"Acct-Status-Type"` `"Acct-Delay-Time"` `"Acct-Input-Octets"` `"Acct-Output-Octets"` `"Acct-Session-Id"` `"Acct-Authentic"` `"Acct-Session-Time"` `"Acct-Input-Packets"` `"Acct-Output-Packets"` `"Acct-Terminate-Cause"` `"Acct-Multi-Session-Id"` `"Acct-Link-Count"` `"CHAP-Challenge"` `"NAS-Port-Type"` `"Port-Limit"` `"Login-LAT-Port"`
sso-attribute-key string	Key prefix for SSO group value in the SSO attribute.
sso-attribute-value-override string	Enable/disable override old attribute value with new value for the same endpoint. Choices: `"disable"` `"enable"`
status-ttl integer	Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this per…
switch-controller-acct-fast-framedip-detect integer	Switch controller accounting message Framed-IP detection from DHCP snooping
switch-controller-service-type list / elements=string	RADIUS service type. Choices: `"login"` `"framed"` `"callback-login"` `"callback-framed"` `"outbound"` `"administrative"` `"nas-prompt"` `"authenticate-only"` `"callback-nas-prompt"` `"call-check"` `"callback-administrative"`
tertiary-secret string	Secret key to access the tertiary server.
tertiary-server string	no description
timeout integer	Time in seconds between re-sending authentication requests.
tls-min-proto-version string	Minimum supported protocol version for TLS connections Choices: `"default"` `"TLSv1"` `"TLSv1-1"` `"TLSv1-2"` `"SSLv3"`
transport-protocol string	Transport protocol to be used Choices: `"udp"` `"tcp"` `"tls"`
use-management-vdom string	Enable/disable using management VDOM to send requests. Choices: `"disable"` `"enable"`
username-case-sensitive string	Enable/disable case sensitive user names. Choices: `"disable"` `"enable"`
workspace_locking_adom string	The adom to lock for FortiManager running in workspace mode, the value can be global and others including root.
workspace_locking_timeout integer	The maximum time in seconds to wait for other user to release the workspace lock. Default: `300`

Notes 

Note

Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state present directive.
To delete an object, use state absent directive.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples 

- name: gathering fortimanager facts
  hosts: fortimanager00
  gather_facts: no
  connection: httpapi
  collections:
    - fortinet.fortimanager
  vars:
    ansible_httpapi_use_ssl: True
    ansible_httpapi_validate_certs: False
    ansible_httpapi_port: 443
  tasks:
   - name: retrieve all the RADIUS server entries
     fmgr_fact:
       facts:
           selector: 'user_radius'
           params:
               adom: 'ansible'
               radius: 'your_value'

- hosts: fortimanager00
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Configure RADIUS server entries.
     fmgr_user_radius:
        bypass_validation: False
        adom: ansible
        state: present
        user_radius:
           name: ansible-test-radius
           server: ansible
           timeout: 200

Return Values 

Common return values are documented here, the following are the fields unique to this module:

Key	Description
meta dictionary	The result of the request. Returned: always
request_url string	The full url requested. Returned: always Sample: `"/sys/login/user"`
response_code integer	The status of api request. Returned: always Sample: `0`
response_data list / elements=string	The api response. Returned: always
response_message string	The descriptive message of the api response. Returned: always Sample: `"OK."`
system_information dictionary	The information of the target system. Returned: always
rc integer	The status the request. Returned: always Sample: `0`
version_check_warning list / elements=string	Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex

Authors

Xinwei Du (@dux-fortinet)
Xing Li (@lix-fortinet)
Jie Xue (@JieX19)
Link Zheng (@chillancezen)
Frank Shen (@fshen01)
Hongbin Lu (@fgtdev-hblu)

Collection links

Issue Tracker Homepage Repository (Sources)

fortinet.fortimanager.fmgr_user_radius module – Configure RADIUS server entries.

Synopsis

Parameters

Notes

Examples

Return Values