fortinet.fortimanager.fmgr_user_radius_dynamicmapping module – Configure RADIUS server entries.

Note

This module is part of the fortinet.fortimanager collection (version 2.4.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_user_radius_dynamicmapping.

New in fortinet.fortimanager 2.0.0

Synopsis 

This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters 

Parameter	Comments
access_token string	The token to access FortiManager without using username and password.
adom string / required	The parameter (adom) in requested url.
bypass_validation boolean	Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices: `false` ← (default) `true`
enable_log boolean	Enable/Disable logging for task. Choices: `false` ← (default) `true`
forticloud_access_token string	Authenticate Ansible client with forticloud API access token.
proposed_method string	The overridden method for the underlying Json RPC request. Choices: `"update"` `"set"` `"add"`
radius string / required	The parameter (radius) in requested url.
rc_failed list / elements=integer	The rc codes list with which the conditions to fail will be overriden.
rc_succeeded list / elements=integer	The rc codes list with which the conditions to succeed will be overriden.
state string / required	The directive to create, update or delete an object. Choices: `"present"` `"absent"`
user_radius_dynamicmapping dictionary	The top level parameters set.
_scope list / elements=dictionary	No description.
name string	No description.
vdom string	No description.
account-key-cert-field string	Deprecated, please rename it to account_key_cert_field. Define subject identity field in certificate for user access right… Choices: `"othername"` `"rfc822name"` `"dnsname"`
account-key-processing string	Deprecated, please rename it to account_key_processing. Account key processing operation. Choices: `"same"` `"strip"`
accounting-server list / elements=dictionary	Deprecated, please rename it to accounting_server.
id integer	No description.
interface string	No description.
interface-select-method string	Deprecated, please rename it to interface_select_method. Choices: `"auto"` `"sdwan"` `"specify"`
port integer	No description.
secret any	(list) No description.
server string	No description.
source-ip string	Deprecated, please rename it to source_ip.
status string	No description. Choices: `"disable"` `"enable"`
acct-all-servers string	Deprecated, please rename it to acct_all_servers. Choices: `"disable"` `"enable"`
acct-interim-interval integer	Deprecated, please rename it to acct_interim_interval.
all-usergroup string	Deprecated, please rename it to all_usergroup. Choices: `"disable"` `"enable"`
auth-type string	Deprecated, please rename it to auth_type. Choices: `"pap"` `"chap"` `"ms_chap"` `"ms_chap_v2"` `"auto"`
ca-cert string	Deprecated, please rename it to ca_cert. CA of server to trust under TLS.
call-station-id-type string	Deprecated, please rename it to call_station_id_type. Calling & Called station identifier type configuration Choices: `"legacy"` `"IP"` `"MAC"`
class any	(list) No description.
client-cert string	Deprecated, please rename it to client_cert. Client certificate to use under TLS.
delimiter string	Configure delimiter to be used for separating profile group names in the SSO attribute Choices: `"plus"` `"comma"`
dp-carrier-endpoint-attribute string	Deprecated, please rename it to dp_carrier_endpoint_attribute. Choices: `"User-Name"` `"User-Password"` `"CHAP-Password"` `"NAS-IP-Address"` `"NAS-Port"` `"Service-Type"` `"Framed-Protocol"` `"Framed-IP-Address"` `"Framed-IP-Netmask"` `"Framed-Routing"` `"Filter-Id"` `"Framed-MTU"` `"Framed-Compression"` `"Login-IP-Host"` `"Login-Service"` `"Login-TCP-Port"` `"Reply-Message"` `"Callback-Number"` `"Callback-Id"` `"Framed-Route"` `"Framed-IPX-Network"` `"State"` `"Class"` `"Vendor-Specific"` `"Session-Timeout"` `"Idle-Timeout"` `"Termination-Action"` `"Called-Station-Id"` `"Calling-Station-Id"` `"NAS-Identifier"` `"Proxy-State"` `"Login-LAT-Service"` `"Login-LAT-Node"` `"Login-LAT-Group"` `"Framed-AppleTalk-Link"` `"Framed-AppleTalk-Network"` `"Framed-AppleTalk-Zone"` `"Acct-Status-Type"` `"Acct-Delay-Time"` `"Acct-Input-Octets"` `"Acct-Output-Octets"` `"Acct-Session-Id"` `"Acct-Authentic"` `"Acct-Session-Time"` `"Acct-Input-Packets"` `"Acct-Output-Packets"` `"Acct-Terminate-Cause"` `"Acct-Multi-Session-Id"` `"Acct-Link-Count"` `"CHAP-Challenge"` `"NAS-Port-Type"` `"Port-Limit"` `"Login-LAT-Port"`
dp-carrier-endpoint-block-attribute string	Deprecated, please rename it to dp_carrier_endpoint_block_attribute. Choices: `"User-Name"` `"User-Password"` `"CHAP-Password"` `"NAS-IP-Address"` `"NAS-Port"` `"Service-Type"` `"Framed-Protocol"` `"Framed-IP-Address"` `"Framed-IP-Netmask"` `"Framed-Routing"` `"Filter-Id"` `"Framed-MTU"` `"Framed-Compression"` `"Login-IP-Host"` `"Login-Service"` `"Login-TCP-Port"` `"Reply-Message"` `"Callback-Number"` `"Callback-Id"` `"Framed-Route"` `"Framed-IPX-Network"` `"State"` `"Class"` `"Vendor-Specific"` `"Session-Timeout"` `"Idle-Timeout"` `"Termination-Action"` `"Called-Station-Id"` `"Calling-Station-Id"` `"NAS-Identifier"` `"Proxy-State"` `"Login-LAT-Service"` `"Login-LAT-Node"` `"Login-LAT-Group"` `"Framed-AppleTalk-Link"` `"Framed-AppleTalk-Network"` `"Framed-AppleTalk-Zone"` `"Acct-Status-Type"` `"Acct-Delay-Time"` `"Acct-Input-Octets"` `"Acct-Output-Octets"` `"Acct-Session-Id"` `"Acct-Authentic"` `"Acct-Session-Time"` `"Acct-Input-Packets"` `"Acct-Output-Packets"` `"Acct-Terminate-Cause"` `"Acct-Multi-Session-Id"` `"Acct-Link-Count"` `"CHAP-Challenge"` `"NAS-Port-Type"` `"Port-Limit"` `"Login-LAT-Port"`
dp-context-timeout integer	Deprecated, please rename it to dp_context_timeout.
dp-flush-ip-session string	Deprecated, please rename it to dp_flush_ip_session. Choices: `"disable"` `"enable"`
dp-hold-time integer	Deprecated, please rename it to dp_hold_time.
dp-http-header string	Deprecated, please rename it to dp_http_header.
dp-http-header-fallback string	Deprecated, please rename it to dp_http_header_fallback. Choices: `"ip-header-address"` `"default-profile"`
dp-http-header-status string	Deprecated, please rename it to dp_http_header_status. Choices: `"disable"` `"enable"`
dp-http-header-suppress string	Deprecated, please rename it to dp_http_header_suppress. Choices: `"disable"` `"enable"`
dp-log-dyn_flags list / elements=string	Deprecated, please rename it to dp_log_dyn_flags. Choices: `"none"` `"protocol-error"` `"profile-missing"` `"context-missing"` `"accounting-stop-missed"` `"accounting-event"` `"radiusd-other"` `"endpoint-block"`
dp-log-period integer	Deprecated, please rename it to dp_log_period.
dp-mem-percent integer	Deprecated, please rename it to dp_mem_percent.
dp-profile-attribute string	Deprecated, please rename it to dp_profile_attribute. Choices: `"User-Name"` `"User-Password"` `"CHAP-Password"` `"NAS-IP-Address"` `"NAS-Port"` `"Service-Type"` `"Framed-Protocol"` `"Framed-IP-Address"` `"Framed-IP-Netmask"` `"Framed-Routing"` `"Filter-Id"` `"Framed-MTU"` `"Framed-Compression"` `"Login-IP-Host"` `"Login-Service"` `"Login-TCP-Port"` `"Reply-Message"` `"Callback-Number"` `"Callback-Id"` `"Framed-Route"` `"Framed-IPX-Network"` `"State"` `"Class"` `"Vendor-Specific"` `"Session-Timeout"` `"Idle-Timeout"` `"Termination-Action"` `"Called-Station-Id"` `"Calling-Station-Id"` `"NAS-Identifier"` `"Proxy-State"` `"Login-LAT-Service"` `"Login-LAT-Node"` `"Login-LAT-Group"` `"Framed-AppleTalk-Link"` `"Framed-AppleTalk-Network"` `"Framed-AppleTalk-Zone"` `"Acct-Status-Type"` `"Acct-Delay-Time"` `"Acct-Input-Octets"` `"Acct-Output-Octets"` `"Acct-Session-Id"` `"Acct-Authentic"` `"Acct-Session-Time"` `"Acct-Input-Packets"` `"Acct-Output-Packets"` `"Acct-Terminate-Cause"` `"Acct-Multi-Session-Id"` `"Acct-Link-Count"` `"CHAP-Challenge"` `"NAS-Port-Type"` `"Port-Limit"` `"Login-LAT-Port"`
dp-profile-attribute-key string	Deprecated, please rename it to dp_profile_attribute_key.
dp-radius-response string	Deprecated, please rename it to dp_radius_response. Choices: `"disable"` `"enable"`
dp-radius-server-port integer	Deprecated, please rename it to dp_radius_server_port.
dp-secret any	(list) Deprecated, please rename it to dp_secret.
dp-validate-request-secret string	Deprecated, please rename it to dp_validate_request_secret. Choices: `"disable"` `"enable"`
dynamic-profile string	Deprecated, please rename it to dynamic_profile. Choices: `"disable"` `"enable"`
endpoint-translation string	Deprecated, please rename it to endpoint_translation. Choices: `"disable"` `"enable"`
ep-carrier-endpoint-convert-hex string	Deprecated, please rename it to ep_carrier_endpoint_convert_hex. Choices: `"disable"` `"enable"`
ep-carrier-endpoint-header string	Deprecated, please rename it to ep_carrier_endpoint_header.
ep-carrier-endpoint-header-suppress string	Deprecated, please rename it to ep_carrier_endpoint_header_suppress. Choices: `"disable"` `"enable"`
ep-carrier-endpoint-prefix string	Deprecated, please rename it to ep_carrier_endpoint_prefix. Choices: `"disable"` `"enable"`
ep-carrier-endpoint-prefix-range-max integer	Deprecated, please rename it to ep_carrier_endpoint_prefix_range_max.
ep-carrier-endpoint-prefix-range-min integer	Deprecated, please rename it to ep_carrier_endpoint_prefix_range_min.
ep-carrier-endpoint-prefix-string string	Deprecated, please rename it to ep_carrier_endpoint_prefix_string.
ep-carrier-endpoint-source string	Deprecated, please rename it to ep_carrier_endpoint_source. Choices: `"http-header"` `"cookie"`
ep-ip-header string	Deprecated, please rename it to ep_ip_header.
ep-ip-header-suppress string	Deprecated, please rename it to ep_ip_header_suppress. Choices: `"disable"` `"enable"`
ep-missing-header-fallback string	Deprecated, please rename it to ep_missing_header_fallback. Choices: `"session-ip"` `"policy-profile"`
ep-profile-query-type string	Deprecated, please rename it to ep_profile_query_type. Choices: `"session-ip"` `"extract-ip"` `"extract-carrier-endpoint"`
group-override-attr-type string	Deprecated, please rename it to group_override_attr_type. Choices: `"filter-Id"` `"class"`
h3c-compatibility string	Deprecated, please rename it to h3c_compatibility. Choices: `"disable"` `"enable"`
interface string	No description.
interface-select-method string	Deprecated, please rename it to interface_select_method. Choices: `"auto"` `"sdwan"` `"specify"`
mac-case string	Deprecated, please rename it to mac_case. MAC authentication case Choices: `"uppercase"` `"lowercase"`
mac-password-delimiter string	Deprecated, please rename it to mac_password_delimiter. MAC authentication password delimiter Choices: `"hyphen"` `"single-hyphen"` `"colon"` `"none"`
mac-username-delimiter string	Deprecated, please rename it to mac_username_delimiter. MAC authentication username delimiter Choices: `"hyphen"` `"single-hyphen"` `"colon"` `"none"`
nas-id string	Deprecated, please rename it to nas_id. Custom NAS identifier.
nas-id-type string	Deprecated, please rename it to nas_id_type. NAS identifier type configuration Choices: `"legacy"` `"custom"` `"hostname"`
nas-ip string	Deprecated, please rename it to nas_ip.
password-encoding string	Deprecated, please rename it to password_encoding. Choices: `"ISO-8859-1"` `"auto"`
password-renewal string	Deprecated, please rename it to password_renewal. Choices: `"disable"` `"enable"`
radius-coa string	Deprecated, please rename it to radius_coa. Choices: `"disable"` `"enable"`
radius-port integer	Deprecated, please rename it to radius_port.
rsso string	No description. Choices: `"disable"` `"enable"`
rsso-context-timeout integer	Deprecated, please rename it to rsso_context_timeout.
rsso-endpoint-attribute string	Deprecated, please rename it to rsso_endpoint_attribute. Choices: `"User-Name"` `"User-Password"` `"CHAP-Password"` `"NAS-IP-Address"` `"NAS-Port"` `"Service-Type"` `"Framed-Protocol"` `"Framed-IP-Address"` `"Framed-IP-Netmask"` `"Framed-Routing"` `"Filter-Id"` `"Framed-MTU"` `"Framed-Compression"` `"Login-IP-Host"` `"Login-Service"` `"Login-TCP-Port"` `"Reply-Message"` `"Callback-Number"` `"Callback-Id"` `"Framed-Route"` `"Framed-IPX-Network"` `"State"` `"Class"` `"Session-Timeout"` `"Idle-Timeout"` `"Termination-Action"` `"Called-Station-Id"` `"Calling-Station-Id"` `"NAS-Identifier"` `"Proxy-State"` `"Login-LAT-Service"` `"Login-LAT-Node"` `"Login-LAT-Group"` `"Framed-AppleTalk-Link"` `"Framed-AppleTalk-Network"` `"Framed-AppleTalk-Zone"` `"Acct-Status-Type"` `"Acct-Delay-Time"` `"Acct-Input-Octets"` `"Acct-Output-Octets"` `"Acct-Session-Id"` `"Acct-Authentic"` `"Acct-Session-Time"` `"Acct-Input-Packets"` `"Acct-Output-Packets"` `"Acct-Terminate-Cause"` `"Acct-Multi-Session-Id"` `"Acct-Link-Count"` `"CHAP-Challenge"` `"NAS-Port-Type"` `"Port-Limit"` `"Login-LAT-Port"`
rsso-endpoint-block-attribute string	Deprecated, please rename it to rsso_endpoint_block_attribute. Choices: `"User-Name"` `"User-Password"` `"CHAP-Password"` `"NAS-IP-Address"` `"NAS-Port"` `"Service-Type"` `"Framed-Protocol"` `"Framed-IP-Address"` `"Framed-IP-Netmask"` `"Framed-Routing"` `"Filter-Id"` `"Framed-MTU"` `"Framed-Compression"` `"Login-IP-Host"` `"Login-Service"` `"Login-TCP-Port"` `"Reply-Message"` `"Callback-Number"` `"Callback-Id"` `"Framed-Route"` `"Framed-IPX-Network"` `"State"` `"Class"` `"Session-Timeout"` `"Idle-Timeout"` `"Termination-Action"` `"Called-Station-Id"` `"Calling-Station-Id"` `"NAS-Identifier"` `"Proxy-State"` `"Login-LAT-Service"` `"Login-LAT-Node"` `"Login-LAT-Group"` `"Framed-AppleTalk-Link"` `"Framed-AppleTalk-Network"` `"Framed-AppleTalk-Zone"` `"Acct-Status-Type"` `"Acct-Delay-Time"` `"Acct-Input-Octets"` `"Acct-Output-Octets"` `"Acct-Session-Id"` `"Acct-Authentic"` `"Acct-Session-Time"` `"Acct-Input-Packets"` `"Acct-Output-Packets"` `"Acct-Terminate-Cause"` `"Acct-Multi-Session-Id"` `"Acct-Link-Count"` `"CHAP-Challenge"` `"NAS-Port-Type"` `"Port-Limit"` `"Login-LAT-Port"`
rsso-ep-one-ip-only string	Deprecated, please rename it to rsso_ep_one_ip_only. Choices: `"disable"` `"enable"`
rsso-flush-ip-session string	Deprecated, please rename it to rsso_flush_ip_session. Choices: `"disable"` `"enable"`
rsso-log-flags list / elements=string	Deprecated, please rename it to rsso_log_flags. Choices: `"none"` `"protocol-error"` `"profile-missing"` `"context-missing"` `"accounting-stop-missed"` `"accounting-event"` `"radiusd-other"` `"endpoint-block"`
rsso-log-period integer	Deprecated, please rename it to rsso_log_period.
rsso-radius-response string	Deprecated, please rename it to rsso_radius_response. Choices: `"disable"` `"enable"`
rsso-radius-server-port integer	Deprecated, please rename it to rsso_radius_server_port.
rsso-secret any	(list) Deprecated, please rename it to rsso_secret.
rsso-validate-request-secret string	Deprecated, please rename it to rsso_validate_request_secret. Choices: `"disable"` `"enable"`
secondary-secret any	(list) Deprecated, please rename it to secondary_secret.
secondary-server string	Deprecated, please rename it to secondary_server.
secret any	(list) No description.
server string	No description.
server-identity-check string	Deprecated, please rename it to server_identity_check. Enable/disable RADIUS server identity check Choices: `"disable"` `"enable"`
source-ip string	Deprecated, please rename it to source_ip.
sso-attribute string	Deprecated, please rename it to sso_attribute. Choices: `"User-Name"` `"User-Password"` `"CHAP-Password"` `"NAS-IP-Address"` `"NAS-Port"` `"Service-Type"` `"Framed-Protocol"` `"Framed-IP-Address"` `"Framed-IP-Netmask"` `"Framed-Routing"` `"Filter-Id"` `"Framed-MTU"` `"Framed-Compression"` `"Login-IP-Host"` `"Login-Service"` `"Login-TCP-Port"` `"Reply-Message"` `"Callback-Number"` `"Callback-Id"` `"Framed-Route"` `"Framed-IPX-Network"` `"State"` `"Class"` `"Session-Timeout"` `"Idle-Timeout"` `"Termination-Action"` `"Called-Station-Id"` `"Calling-Station-Id"` `"NAS-Identifier"` `"Proxy-State"` `"Login-LAT-Service"` `"Login-LAT-Node"` `"Login-LAT-Group"` `"Framed-AppleTalk-Link"` `"Framed-AppleTalk-Network"` `"Framed-AppleTalk-Zone"` `"Acct-Status-Type"` `"Acct-Delay-Time"` `"Acct-Input-Octets"` `"Acct-Output-Octets"` `"Acct-Session-Id"` `"Acct-Authentic"` `"Acct-Session-Time"` `"Acct-Input-Packets"` `"Acct-Output-Packets"` `"Acct-Terminate-Cause"` `"Acct-Multi-Session-Id"` `"Acct-Link-Count"` `"CHAP-Challenge"` `"NAS-Port-Type"` `"Port-Limit"` `"Login-LAT-Port"`
sso-attribute-key string	Deprecated, please rename it to sso_attribute_key.
sso-attribute-value-override string	Deprecated, please rename it to sso_attribute_value_override. Choices: `"disable"` `"enable"`
status-ttl integer	Deprecated, please rename it to status_ttl. Time for which server reachability is cached so that when a server is unreacha…
switch-controller-acct-fast-framedip-detect integer	Deprecated, please rename it to switch_controller_acct_fast_framedip_detect.
switch-controller-nas-ip-dynamic string	Deprecated, please rename it to switch_controller_nas_ip_dynamic. Enable/Disable switch-controller nas-ip dynamic to dynam… Choices: `"disable"` `"enable"`
switch-controller-service-type list / elements=string	Deprecated, please rename it to switch_controller_service_type. Choices: `"login"` `"framed"` `"callback-login"` `"callback-framed"` `"outbound"` `"administrative"` `"nas-prompt"` `"authenticate-only"` `"callback-nas-prompt"` `"call-check"` `"callback-administrative"`
tertiary-secret any	(list) Deprecated, please rename it to tertiary_secret.
tertiary-server string	Deprecated, please rename it to tertiary_server.
timeout integer	No description.
tls-min-proto-version string	Deprecated, please rename it to tls_min_proto_version. Minimum supported protocol version for TLS connections Choices: `"default"` `"TLSv1"` `"TLSv1-1"` `"TLSv1-2"` `"SSLv3"` `"TLSv1-3"`
transport-protocol string	Deprecated, please rename it to transport_protocol. Transport protocol to be used Choices: `"udp"` `"tcp"` `"tls"`
use-group-for-profile string	Deprecated, please rename it to use_group_for_profile. Choices: `"disable"` `"enable"`
use-management-vdom string	Deprecated, please rename it to use_management_vdom. Choices: `"disable"` `"enable"`
username-case-sensitive string	Deprecated, please rename it to username_case_sensitive. Choices: `"disable"` `"enable"`
workspace_locking_adom string	The adom to lock for FortiManager running in workspace mode, the value can be global and others including root.
workspace_locking_timeout integer	The maximum time in seconds to wait for other user to release the workspace lock. Default: `300`

Notes 

Note

Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state present directive.
To delete an object, use state absent directive.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples 

- name: Example playbook
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Configure dynamic mappings of RADIUS server
      fortinet.fortimanager.fmgr_user_radius_dynamicmapping:
        bypass_validation: false
        adom: ansible
        radius: ansible-test-radius # name
        state: present
        user_radius_dynamicmapping:
          _scope:
            - name: FGT_AWS # need a valid device name
              vdom: root # need a valid vdom name under the device
          server: ansible
          timeout: 100

- name: Gathering fortimanager facts
  hosts: fortimanagers
  gather_facts: false
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Retrieve all the dynamic mappings of RADIUS server
      fortinet.fortimanager.fmgr_fact:
        facts:
          selector: "user_radius_dynamicmapping"
          params:
            adom: "ansible"
            radius: "ansible-test-radius" # name
            dynamic_mapping: "your_value"

Return Values 

Common return values are documented here, the following are the fields unique to this module:

Key	Description
meta dictionary	The result of the request. Returned: always
request_url string	The full url requested. Returned: always Sample: `"/sys/login/user"`
response_code integer	The status of api request. Returned: always Sample: `0`
response_data list / elements=string	The api response. Returned: always
response_message string	The descriptive message of the api response. Returned: always Sample: `"OK."`
system_information dictionary	The information of the target system. Returned: always
rc integer	The status the request. Returned: always Sample: `0`
version_check_warning list / elements=string	Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex

Authors

Xinwei Du (@dux-fortinet)
Xing Li (@lix-fortinet)
Jie Xue (@JieX19)
Link Zheng (@chillancezen)
Frank Shen (@fshen01)
Hongbin Lu (@fgtdev-hblu)

fortinet.fortimanager.fmgr_user_radius_dynamicmapping module – Configure RADIUS server entries.

Synopsis

Parameters

Notes

Examples

Return Values