fortios.user.Radius
Explore with Pulumi AI
Configure RADIUS server entries.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fortios from "@pulumiverse/fortios";
const trname = new fortios.user.Radius("trname", {
acctAllServers: "disable",
allUsergroup: "disable",
authType: "auto",
h3cCompatibility: "disable",
nasIp: "0.0.0.0",
passwordEncoding: "auto",
passwordRenewal: "disable",
radiusCoa: "disable",
radiusPort: 0,
rsso: "disable",
rssoContextTimeout: 28800,
rssoEndpointAttribute: "Calling-Station-Id",
rssoEpOneIpOnly: "disable",
rssoFlushIpSession: "disable",
rssoLogFlags: "protocol-error profile-missing accounting-stop-missed accounting-event endpoint-block radiusd-other",
rssoLogPeriod: 0,
rssoRadiusResponse: "disable",
rssoRadiusServerPort: 1813,
rssoValidateRequestSecret: "disable",
secret: "FDaaewjkeiw32",
server: "1.1.1.1",
ssoAttribute: "Class",
ssoAttributeValueOverride: "enable",
timeout: 5,
useManagementVdom: "disable",
usernameCaseSensitive: "disable",
});
import pulumi
import pulumiverse_fortios as fortios
trname = fortios.user.Radius("trname",
acct_all_servers="disable",
all_usergroup="disable",
auth_type="auto",
h3c_compatibility="disable",
nas_ip="0.0.0.0",
password_encoding="auto",
password_renewal="disable",
radius_coa="disable",
radius_port=0,
rsso="disable",
rsso_context_timeout=28800,
rsso_endpoint_attribute="Calling-Station-Id",
rsso_ep_one_ip_only="disable",
rsso_flush_ip_session="disable",
rsso_log_flags="protocol-error profile-missing accounting-stop-missed accounting-event endpoint-block radiusd-other",
rsso_log_period=0,
rsso_radius_response="disable",
rsso_radius_server_port=1813,
rsso_validate_request_secret="disable",
secret="FDaaewjkeiw32",
server="1.1.1.1",
sso_attribute="Class",
sso_attribute_value_override="enable",
timeout=5,
use_management_vdom="disable",
username_case_sensitive="disable")
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/user"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := user.NewRadius(ctx, "trname", &user.RadiusArgs{
AcctAllServers: pulumi.String("disable"),
AllUsergroup: pulumi.String("disable"),
AuthType: pulumi.String("auto"),
H3cCompatibility: pulumi.String("disable"),
NasIp: pulumi.String("0.0.0.0"),
PasswordEncoding: pulumi.String("auto"),
PasswordRenewal: pulumi.String("disable"),
RadiusCoa: pulumi.String("disable"),
RadiusPort: pulumi.Int(0),
Rsso: pulumi.String("disable"),
RssoContextTimeout: pulumi.Int(28800),
RssoEndpointAttribute: pulumi.String("Calling-Station-Id"),
RssoEpOneIpOnly: pulumi.String("disable"),
RssoFlushIpSession: pulumi.String("disable"),
RssoLogFlags: pulumi.String("protocol-error profile-missing accounting-stop-missed accounting-event endpoint-block radiusd-other"),
RssoLogPeriod: pulumi.Int(0),
RssoRadiusResponse: pulumi.String("disable"),
RssoRadiusServerPort: pulumi.Int(1813),
RssoValidateRequestSecret: pulumi.String("disable"),
Secret: pulumi.String("FDaaewjkeiw32"),
Server: pulumi.String("1.1.1.1"),
SsoAttribute: pulumi.String("Class"),
SsoAttributeValueOverride: pulumi.String("enable"),
Timeout: pulumi.Int(5),
UseManagementVdom: pulumi.String("disable"),
UsernameCaseSensitive: pulumi.String("disable"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortios = Pulumiverse.Fortios;
return await Deployment.RunAsync(() =>
{
var trname = new Fortios.User.Radius("trname", new()
{
AcctAllServers = "disable",
AllUsergroup = "disable",
AuthType = "auto",
H3cCompatibility = "disable",
NasIp = "0.0.0.0",
PasswordEncoding = "auto",
PasswordRenewal = "disable",
RadiusCoa = "disable",
RadiusPort = 0,
Rsso = "disable",
RssoContextTimeout = 28800,
RssoEndpointAttribute = "Calling-Station-Id",
RssoEpOneIpOnly = "disable",
RssoFlushIpSession = "disable",
RssoLogFlags = "protocol-error profile-missing accounting-stop-missed accounting-event endpoint-block radiusd-other",
RssoLogPeriod = 0,
RssoRadiusResponse = "disable",
RssoRadiusServerPort = 1813,
RssoValidateRequestSecret = "disable",
Secret = "FDaaewjkeiw32",
Server = "1.1.1.1",
SsoAttribute = "Class",
SsoAttributeValueOverride = "enable",
Timeout = 5,
UseManagementVdom = "disable",
UsernameCaseSensitive = "disable",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortios.user.Radius;
import com.pulumi.fortios.user.RadiusArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var trname = new Radius("trname", RadiusArgs.builder()
.acctAllServers("disable")
.allUsergroup("disable")
.authType("auto")
.h3cCompatibility("disable")
.nasIp("0.0.0.0")
.passwordEncoding("auto")
.passwordRenewal("disable")
.radiusCoa("disable")
.radiusPort(0)
.rsso("disable")
.rssoContextTimeout(28800)
.rssoEndpointAttribute("Calling-Station-Id")
.rssoEpOneIpOnly("disable")
.rssoFlushIpSession("disable")
.rssoLogFlags("protocol-error profile-missing accounting-stop-missed accounting-event endpoint-block radiusd-other")
.rssoLogPeriod(0)
.rssoRadiusResponse("disable")
.rssoRadiusServerPort(1813)
.rssoValidateRequestSecret("disable")
.secret("FDaaewjkeiw32")
.server("1.1.1.1")
.ssoAttribute("Class")
.ssoAttributeValueOverride("enable")
.timeout(5)
.useManagementVdom("disable")
.usernameCaseSensitive("disable")
.build());
}
}
resources:
trname:
type: fortios:user:Radius
properties:
acctAllServers: disable
allUsergroup: disable
authType: auto
h3cCompatibility: disable
nasIp: 0.0.0.0
passwordEncoding: auto
passwordRenewal: disable
radiusCoa: disable
radiusPort: 0
rsso: disable
rssoContextTimeout: 28800
rssoEndpointAttribute: Calling-Station-Id
rssoEpOneIpOnly: disable
rssoFlushIpSession: disable
rssoLogFlags: protocol-error profile-missing accounting-stop-missed accounting-event endpoint-block radiusd-other
rssoLogPeriod: 0
rssoRadiusResponse: disable
rssoRadiusServerPort: 1813
rssoValidateRequestSecret: disable
secret: FDaaewjkeiw32
server: 1.1.1.1
ssoAttribute: Class
ssoAttributeValueOverride: enable
timeout: 5
useManagementVdom: disable
usernameCaseSensitive: disable
Create Radius Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Radius(name: string, args?: RadiusArgs, opts?: CustomResourceOptions);
@overload
def Radius(resource_name: str,
args: Optional[RadiusArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Radius(resource_name: str,
opts: Optional[ResourceOptions] = None,
account_key_cert_field: Optional[str] = None,
account_key_processing: Optional[str] = None,
accounting_servers: Optional[Sequence[RadiusAccountingServerArgs]] = None,
acct_all_servers: Optional[str] = None,
acct_interim_interval: Optional[int] = None,
all_usergroup: Optional[str] = None,
auth_type: Optional[str] = None,
ca_cert: Optional[str] = None,
call_station_id_type: Optional[str] = None,
classes: Optional[Sequence[RadiusClassArgs]] = None,
client_cert: Optional[str] = None,
delimiter: Optional[str] = None,
dynamic_sort_subtable: Optional[str] = None,
get_all_tables: Optional[str] = None,
group_override_attr_type: Optional[str] = None,
h3c_compatibility: Optional[str] = None,
interface: Optional[str] = None,
interface_select_method: Optional[str] = None,
mac_case: Optional[str] = None,
mac_password_delimiter: Optional[str] = None,
mac_username_delimiter: Optional[str] = None,
name: Optional[str] = None,
nas_id: Optional[str] = None,
nas_id_type: Optional[str] = None,
nas_ip: Optional[str] = None,
password_encoding: Optional[str] = None,
password_renewal: Optional[str] = None,
radius_coa: Optional[str] = None,
radius_port: Optional[int] = None,
rsso: Optional[str] = None,
rsso_context_timeout: Optional[int] = None,
rsso_endpoint_attribute: Optional[str] = None,
rsso_endpoint_block_attribute: Optional[str] = None,
rsso_ep_one_ip_only: Optional[str] = None,
rsso_flush_ip_session: Optional[str] = None,
rsso_log_flags: Optional[str] = None,
rsso_log_period: Optional[int] = None,
rsso_radius_response: Optional[str] = None,
rsso_radius_server_port: Optional[int] = None,
rsso_secret: Optional[str] = None,
rsso_validate_request_secret: Optional[str] = None,
secondary_secret: Optional[str] = None,
secondary_server: Optional[str] = None,
secret: Optional[str] = None,
server: Optional[str] = None,
server_identity_check: Optional[str] = None,
source_ip: Optional[str] = None,
sso_attribute: Optional[str] = None,
sso_attribute_key: Optional[str] = None,
sso_attribute_value_override: Optional[str] = None,
status_ttl: Optional[int] = None,
switch_controller_acct_fast_framedip_detect: Optional[int] = None,
switch_controller_nas_ip_dynamic: Optional[str] = None,
switch_controller_service_type: Optional[str] = None,
tertiary_secret: Optional[str] = None,
tertiary_server: Optional[str] = None,
timeout: Optional[int] = None,
tls_min_proto_version: Optional[str] = None,
transport_protocol: Optional[str] = None,
use_management_vdom: Optional[str] = None,
username_case_sensitive: Optional[str] = None,
vdomparam: Optional[str] = None)
func NewRadius(ctx *Context, name string, args *RadiusArgs, opts ...ResourceOption) (*Radius, error)
public Radius(string name, RadiusArgs? args = null, CustomResourceOptions? opts = null)
public Radius(String name, RadiusArgs args)
public Radius(String name, RadiusArgs args, CustomResourceOptions options)
type: fortios:user:Radius
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RadiusArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RadiusArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RadiusArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RadiusArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RadiusArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var radiusResource = new Fortios.User.Radius("radiusResource", new()
{
AccountKeyCertField = "string",
AccountKeyProcessing = "string",
AccountingServers = new[]
{
new Fortios.User.Inputs.RadiusAccountingServerArgs
{
Id = 0,
Interface = "string",
InterfaceSelectMethod = "string",
Port = 0,
Secret = "string",
Server = "string",
SourceIp = "string",
Status = "string",
},
},
AcctAllServers = "string",
AcctInterimInterval = 0,
AllUsergroup = "string",
AuthType = "string",
CaCert = "string",
CallStationIdType = "string",
Classes = new[]
{
new Fortios.User.Inputs.RadiusClassArgs
{
Name = "string",
},
},
ClientCert = "string",
Delimiter = "string",
DynamicSortSubtable = "string",
GetAllTables = "string",
GroupOverrideAttrType = "string",
H3cCompatibility = "string",
Interface = "string",
InterfaceSelectMethod = "string",
MacCase = "string",
MacPasswordDelimiter = "string",
MacUsernameDelimiter = "string",
Name = "string",
NasId = "string",
NasIdType = "string",
NasIp = "string",
PasswordEncoding = "string",
PasswordRenewal = "string",
RadiusCoa = "string",
RadiusPort = 0,
Rsso = "string",
RssoContextTimeout = 0,
RssoEndpointAttribute = "string",
RssoEndpointBlockAttribute = "string",
RssoEpOneIpOnly = "string",
RssoFlushIpSession = "string",
RssoLogFlags = "string",
RssoLogPeriod = 0,
RssoRadiusResponse = "string",
RssoRadiusServerPort = 0,
RssoSecret = "string",
RssoValidateRequestSecret = "string",
SecondarySecret = "string",
SecondaryServer = "string",
Secret = "string",
Server = "string",
ServerIdentityCheck = "string",
SourceIp = "string",
SsoAttribute = "string",
SsoAttributeKey = "string",
SsoAttributeValueOverride = "string",
StatusTtl = 0,
SwitchControllerAcctFastFramedipDetect = 0,
SwitchControllerNasIpDynamic = "string",
SwitchControllerServiceType = "string",
TertiarySecret = "string",
TertiaryServer = "string",
Timeout = 0,
TlsMinProtoVersion = "string",
TransportProtocol = "string",
UseManagementVdom = "string",
UsernameCaseSensitive = "string",
Vdomparam = "string",
});
example, err := user.NewRadius(ctx, "radiusResource", &user.RadiusArgs{
AccountKeyCertField: pulumi.String("string"),
AccountKeyProcessing: pulumi.String("string"),
AccountingServers: user.RadiusAccountingServerArray{
&user.RadiusAccountingServerArgs{
Id: pulumi.Int(0),
Interface: pulumi.String("string"),
InterfaceSelectMethod: pulumi.String("string"),
Port: pulumi.Int(0),
Secret: pulumi.String("string"),
Server: pulumi.String("string"),
SourceIp: pulumi.String("string"),
Status: pulumi.String("string"),
},
},
AcctAllServers: pulumi.String("string"),
AcctInterimInterval: pulumi.Int(0),
AllUsergroup: pulumi.String("string"),
AuthType: pulumi.String("string"),
CaCert: pulumi.String("string"),
CallStationIdType: pulumi.String("string"),
Classes: user.RadiusClassArray{
&user.RadiusClassArgs{
Name: pulumi.String("string"),
},
},
ClientCert: pulumi.String("string"),
Delimiter: pulumi.String("string"),
DynamicSortSubtable: pulumi.String("string"),
GetAllTables: pulumi.String("string"),
GroupOverrideAttrType: pulumi.String("string"),
H3cCompatibility: pulumi.String("string"),
Interface: pulumi.String("string"),
InterfaceSelectMethod: pulumi.String("string"),
MacCase: pulumi.String("string"),
MacPasswordDelimiter: pulumi.String("string"),
MacUsernameDelimiter: pulumi.String("string"),
Name: pulumi.String("string"),
NasId: pulumi.String("string"),
NasIdType: pulumi.String("string"),
NasIp: pulumi.String("string"),
PasswordEncoding: pulumi.String("string"),
PasswordRenewal: pulumi.String("string"),
RadiusCoa: pulumi.String("string"),
RadiusPort: pulumi.Int(0),
Rsso: pulumi.String("string"),
RssoContextTimeout: pulumi.Int(0),
RssoEndpointAttribute: pulumi.String("string"),
RssoEndpointBlockAttribute: pulumi.String("string"),
RssoEpOneIpOnly: pulumi.String("string"),
RssoFlushIpSession: pulumi.String("string"),
RssoLogFlags: pulumi.String("string"),
RssoLogPeriod: pulumi.Int(0),
RssoRadiusResponse: pulumi.String("string"),
RssoRadiusServerPort: pulumi.Int(0),
RssoSecret: pulumi.String("string"),
RssoValidateRequestSecret: pulumi.String("string"),
SecondarySecret: pulumi.String("string"),
SecondaryServer: pulumi.String("string"),
Secret: pulumi.String("string"),
Server: pulumi.String("string"),
ServerIdentityCheck: pulumi.String("string"),
SourceIp: pulumi.String("string"),
SsoAttribute: pulumi.String("string"),
SsoAttributeKey: pulumi.String("string"),
SsoAttributeValueOverride: pulumi.String("string"),
StatusTtl: pulumi.Int(0),
SwitchControllerAcctFastFramedipDetect: pulumi.Int(0),
SwitchControllerNasIpDynamic: pulumi.String("string"),
SwitchControllerServiceType: pulumi.String("string"),
TertiarySecret: pulumi.String("string"),
TertiaryServer: pulumi.String("string"),
Timeout: pulumi.Int(0),
TlsMinProtoVersion: pulumi.String("string"),
TransportProtocol: pulumi.String("string"),
UseManagementVdom: pulumi.String("string"),
UsernameCaseSensitive: pulumi.String("string"),
Vdomparam: pulumi.String("string"),
})
var radiusResource = new Radius("radiusResource", RadiusArgs.builder()
.accountKeyCertField("string")
.accountKeyProcessing("string")
.accountingServers(RadiusAccountingServerArgs.builder()
.id(0)
.interface_("string")
.interfaceSelectMethod("string")
.port(0)
.secret("string")
.server("string")
.sourceIp("string")
.status("string")
.build())
.acctAllServers("string")
.acctInterimInterval(0)
.allUsergroup("string")
.authType("string")
.caCert("string")
.callStationIdType("string")
.classes(RadiusClassArgs.builder()
.name("string")
.build())
.clientCert("string")
.delimiter("string")
.dynamicSortSubtable("string")
.getAllTables("string")
.groupOverrideAttrType("string")
.h3cCompatibility("string")
.interface_("string")
.interfaceSelectMethod("string")
.macCase("string")
.macPasswordDelimiter("string")
.macUsernameDelimiter("string")
.name("string")
.nasId("string")
.nasIdType("string")
.nasIp("string")
.passwordEncoding("string")
.passwordRenewal("string")
.radiusCoa("string")
.radiusPort(0)
.rsso("string")
.rssoContextTimeout(0)
.rssoEndpointAttribute("string")
.rssoEndpointBlockAttribute("string")
.rssoEpOneIpOnly("string")
.rssoFlushIpSession("string")
.rssoLogFlags("string")
.rssoLogPeriod(0)
.rssoRadiusResponse("string")
.rssoRadiusServerPort(0)
.rssoSecret("string")
.rssoValidateRequestSecret("string")
.secondarySecret("string")
.secondaryServer("string")
.secret("string")
.server("string")
.serverIdentityCheck("string")
.sourceIp("string")
.ssoAttribute("string")
.ssoAttributeKey("string")
.ssoAttributeValueOverride("string")
.statusTtl(0)
.switchControllerAcctFastFramedipDetect(0)
.switchControllerNasIpDynamic("string")
.switchControllerServiceType("string")
.tertiarySecret("string")
.tertiaryServer("string")
.timeout(0)
.tlsMinProtoVersion("string")
.transportProtocol("string")
.useManagementVdom("string")
.usernameCaseSensitive("string")
.vdomparam("string")
.build());
radius_resource = fortios.user.Radius("radiusResource",
account_key_cert_field="string",
account_key_processing="string",
accounting_servers=[fortios.user.RadiusAccountingServerArgs(
id=0,
interface="string",
interface_select_method="string",
port=0,
secret="string",
server="string",
source_ip="string",
status="string",
)],
acct_all_servers="string",
acct_interim_interval=0,
all_usergroup="string",
auth_type="string",
ca_cert="string",
call_station_id_type="string",
classes=[fortios.user.RadiusClassArgs(
name="string",
)],
client_cert="string",
delimiter="string",
dynamic_sort_subtable="string",
get_all_tables="string",
group_override_attr_type="string",
h3c_compatibility="string",
interface="string",
interface_select_method="string",
mac_case="string",
mac_password_delimiter="string",
mac_username_delimiter="string",
name="string",
nas_id="string",
nas_id_type="string",
nas_ip="string",
password_encoding="string",
password_renewal="string",
radius_coa="string",
radius_port=0,
rsso="string",
rsso_context_timeout=0,
rsso_endpoint_attribute="string",
rsso_endpoint_block_attribute="string",
rsso_ep_one_ip_only="string",
rsso_flush_ip_session="string",
rsso_log_flags="string",
rsso_log_period=0,
rsso_radius_response="string",
rsso_radius_server_port=0,
rsso_secret="string",
rsso_validate_request_secret="string",
secondary_secret="string",
secondary_server="string",
secret="string",
server="string",
server_identity_check="string",
source_ip="string",
sso_attribute="string",
sso_attribute_key="string",
sso_attribute_value_override="string",
status_ttl=0,
switch_controller_acct_fast_framedip_detect=0,
switch_controller_nas_ip_dynamic="string",
switch_controller_service_type="string",
tertiary_secret="string",
tertiary_server="string",
timeout=0,
tls_min_proto_version="string",
transport_protocol="string",
use_management_vdom="string",
username_case_sensitive="string",
vdomparam="string")
const radiusResource = new fortios.user.Radius("radiusResource", {
accountKeyCertField: "string",
accountKeyProcessing: "string",
accountingServers: [{
id: 0,
"interface": "string",
interfaceSelectMethod: "string",
port: 0,
secret: "string",
server: "string",
sourceIp: "string",
status: "string",
}],
acctAllServers: "string",
acctInterimInterval: 0,
allUsergroup: "string",
authType: "string",
caCert: "string",
callStationIdType: "string",
classes: [{
name: "string",
}],
clientCert: "string",
delimiter: "string",
dynamicSortSubtable: "string",
getAllTables: "string",
groupOverrideAttrType: "string",
h3cCompatibility: "string",
"interface": "string",
interfaceSelectMethod: "string",
macCase: "string",
macPasswordDelimiter: "string",
macUsernameDelimiter: "string",
name: "string",
nasId: "string",
nasIdType: "string",
nasIp: "string",
passwordEncoding: "string",
passwordRenewal: "string",
radiusCoa: "string",
radiusPort: 0,
rsso: "string",
rssoContextTimeout: 0,
rssoEndpointAttribute: "string",
rssoEndpointBlockAttribute: "string",
rssoEpOneIpOnly: "string",
rssoFlushIpSession: "string",
rssoLogFlags: "string",
rssoLogPeriod: 0,
rssoRadiusResponse: "string",
rssoRadiusServerPort: 0,
rssoSecret: "string",
rssoValidateRequestSecret: "string",
secondarySecret: "string",
secondaryServer: "string",
secret: "string",
server: "string",
serverIdentityCheck: "string",
sourceIp: "string",
ssoAttribute: "string",
ssoAttributeKey: "string",
ssoAttributeValueOverride: "string",
statusTtl: 0,
switchControllerAcctFastFramedipDetect: 0,
switchControllerNasIpDynamic: "string",
switchControllerServiceType: "string",
tertiarySecret: "string",
tertiaryServer: "string",
timeout: 0,
tlsMinProtoVersion: "string",
transportProtocol: "string",
useManagementVdom: "string",
usernameCaseSensitive: "string",
vdomparam: "string",
});
type: fortios:user:Radius
properties:
accountKeyCertField: string
accountKeyProcessing: string
accountingServers:
- id: 0
interface: string
interfaceSelectMethod: string
port: 0
secret: string
server: string
sourceIp: string
status: string
acctAllServers: string
acctInterimInterval: 0
allUsergroup: string
authType: string
caCert: string
callStationIdType: string
classes:
- name: string
clientCert: string
delimiter: string
dynamicSortSubtable: string
getAllTables: string
groupOverrideAttrType: string
h3cCompatibility: string
interface: string
interfaceSelectMethod: string
macCase: string
macPasswordDelimiter: string
macUsernameDelimiter: string
name: string
nasId: string
nasIdType: string
nasIp: string
passwordEncoding: string
passwordRenewal: string
radiusCoa: string
radiusPort: 0
rsso: string
rssoContextTimeout: 0
rssoEndpointAttribute: string
rssoEndpointBlockAttribute: string
rssoEpOneIpOnly: string
rssoFlushIpSession: string
rssoLogFlags: string
rssoLogPeriod: 0
rssoRadiusResponse: string
rssoRadiusServerPort: 0
rssoSecret: string
rssoValidateRequestSecret: string
secondarySecret: string
secondaryServer: string
secret: string
server: string
serverIdentityCheck: string
sourceIp: string
ssoAttribute: string
ssoAttributeKey: string
ssoAttributeValueOverride: string
statusTtl: 0
switchControllerAcctFastFramedipDetect: 0
switchControllerNasIpDynamic: string
switchControllerServiceType: string
tertiarySecret: string
tertiaryServer: string
timeout: 0
tlsMinProtoVersion: string
transportProtocol: string
useManagementVdom: string
usernameCaseSensitive: string
vdomparam: string
Radius Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Radius resource accepts the following input properties:
- Account
Key stringCert Field - Define subject identity field in certificate for user access right checking. Valid values:
othername
,rfc822name
,dnsname
. - Account
Key stringProcessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same
,strip
. - Accounting
Servers List<Pulumiverse.Fortios. User. Inputs. Radius Accounting Server> - Additional accounting servers. The structure of
accounting_server
block is documented below. - Acct
All stringServers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
enable
,disable
. - Acct
Interim intInterval - Time in seconds between each accounting interim update message.
- All
Usergroup string - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable
,enable
. - Auth
Type string - Authentication methods/protocols permitted for this RADIUS server. Valid values:
auto
,ms_chap_v2
,ms_chap
,chap
,pap
. - Ca
Cert string - CA of server to trust under TLS.
- Call
Station stringId Type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy
,IP
,MAC
. - Classes
List<Pulumiverse.
Fortios. User. Inputs. Radius Class> - Class attribute name(s). The structure of
class
block is documented below. - Client
Cert string - Client certificate to use under TLS.
- Delimiter string
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values:
plus
,comma
. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Group
Override stringAttr Type - RADIUS attribute type to override user group information. Valid values:
filter-Id
,class
. - H3c
Compatibility string - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
enable
,disable
. - Interface string
- Specify outgoing interface to reach server.
- Interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - Mac
Case string - MAC authentication case (default = lowercase). Valid values:
uppercase
,lowercase
. - Mac
Password stringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - Mac
Username stringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - Name string
- RADIUS server entry name.
- Nas
Id string - Custom NAS identifier.
- Nas
Id stringType - NAS identifier type configuration (default = legacy). Valid values:
legacy
,custom
,hostname
. - Nas
Ip string - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- Password
Encoding string - Password encoding. Valid values:
auto
,ISO-8859-1
. - Password
Renewal string - Enable/disable password renewal. Valid values:
enable
,disable
. - Radius
Coa string - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
enable
,disable
. - Radius
Port int - RADIUS service port number.
- Rsso string
- Enable/disable RADIUS based single sign on feature. Valid values:
enable
,disable
. - Rsso
Context intTimeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- Rsso
Endpoint stringAttribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - Rsso
Endpoint stringBlock Attribute - RADIUS attributes used to block a user. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - Rsso
Ep stringOne Ip Only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
enable
,disable
. - Rsso
Flush stringIp Session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
enable
,disable
. - Rsso
Log stringFlags - Events to log. Valid values:
protocol-error
,profile-missing
,accounting-stop-missed
,accounting-event
,endpoint-block
,radiusd-other
,none
. - Rsso
Log intPeriod - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- Rsso
Radius stringResponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
enable
,disable
. - Rsso
Radius intServer Port - UDP port to listen on for RADIUS Start and Stop records.
- Rsso
Secret string - RADIUS secret used by the RADIUS accounting server.
- Rsso
Validate stringRequest Secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
enable
,disable
. - Secondary
Secret string - Secret key to access the secondary server.
- Secondary
Server string - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- Secret string
- Pre-shared secret key used to access the primary RADIUS server.
- Server string
- Primary RADIUS server CN domain name or IP address.
- Server
Identity stringCheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
enable
,disable
. - Source
Ip string - Source IP address for communications to the RADIUS server.
- Sso
Attribute string - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - Sso
Attribute stringKey - Key prefix for SSO group value in the SSO attribute.
- Sso
Attribute stringValue Override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
enable
,disable
. - Status
Ttl int - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- Switch
Controller intAcct Fast Framedip Detect - Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- Switch
Controller stringNas Ip Dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
enable
,disable
. - Switch
Controller stringService Type - RADIUS service type. Valid values:
login
,framed
,callback-login
,callback-framed
,outbound
,administrative
,nas-prompt
,authenticate-only
,callback-nas-prompt
,call-check
,callback-administrative
. - Tertiary
Secret string - Secret key to access the tertiary server.
- Tertiary
Server string - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- Timeout int
- Time in seconds between re-sending authentication requests.
- Tls
Min stringProto Version - Minimum supported protocol version for TLS connections (default is to follow system global setting).
- Transport
Protocol string - Transport protocol to be used (default = udp). Valid values:
udp
,tcp
,tls
. - Use
Management stringVdom - Enable/disable using management VDOM to send requests. Valid values:
enable
,disable
. - Username
Case stringSensitive - Enable/disable case sensitive user names. Valid values:
enable
,disable
. - Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Account
Key stringCert Field - Define subject identity field in certificate for user access right checking. Valid values:
othername
,rfc822name
,dnsname
. - Account
Key stringProcessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same
,strip
. - Accounting
Servers []RadiusAccounting Server Args - Additional accounting servers. The structure of
accounting_server
block is documented below. - Acct
All stringServers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
enable
,disable
. - Acct
Interim intInterval - Time in seconds between each accounting interim update message.
- All
Usergroup string - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable
,enable
. - Auth
Type string - Authentication methods/protocols permitted for this RADIUS server. Valid values:
auto
,ms_chap_v2
,ms_chap
,chap
,pap
. - Ca
Cert string - CA of server to trust under TLS.
- Call
Station stringId Type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy
,IP
,MAC
. - Classes
[]Radius
Class Args - Class attribute name(s). The structure of
class
block is documented below. - Client
Cert string - Client certificate to use under TLS.
- Delimiter string
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values:
plus
,comma
. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Group
Override stringAttr Type - RADIUS attribute type to override user group information. Valid values:
filter-Id
,class
. - H3c
Compatibility string - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
enable
,disable
. - Interface string
- Specify outgoing interface to reach server.
- Interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - Mac
Case string - MAC authentication case (default = lowercase). Valid values:
uppercase
,lowercase
. - Mac
Password stringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - Mac
Username stringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - Name string
- RADIUS server entry name.
- Nas
Id string - Custom NAS identifier.
- Nas
Id stringType - NAS identifier type configuration (default = legacy). Valid values:
legacy
,custom
,hostname
. - Nas
Ip string - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- Password
Encoding string - Password encoding. Valid values:
auto
,ISO-8859-1
. - Password
Renewal string - Enable/disable password renewal. Valid values:
enable
,disable
. - Radius
Coa string - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
enable
,disable
. - Radius
Port int - RADIUS service port number.
- Rsso string
- Enable/disable RADIUS based single sign on feature. Valid values:
enable
,disable
. - Rsso
Context intTimeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- Rsso
Endpoint stringAttribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - Rsso
Endpoint stringBlock Attribute - RADIUS attributes used to block a user. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - Rsso
Ep stringOne Ip Only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
enable
,disable
. - Rsso
Flush stringIp Session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
enable
,disable
. - Rsso
Log stringFlags - Events to log. Valid values:
protocol-error
,profile-missing
,accounting-stop-missed
,accounting-event
,endpoint-block
,radiusd-other
,none
. - Rsso
Log intPeriod - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- Rsso
Radius stringResponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
enable
,disable
. - Rsso
Radius intServer Port - UDP port to listen on for RADIUS Start and Stop records.
- Rsso
Secret string - RADIUS secret used by the RADIUS accounting server.
- Rsso
Validate stringRequest Secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
enable
,disable
. - Secondary
Secret string - Secret key to access the secondary server.
- Secondary
Server string - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- Secret string
- Pre-shared secret key used to access the primary RADIUS server.
- Server string
- Primary RADIUS server CN domain name or IP address.
- Server
Identity stringCheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
enable
,disable
. - Source
Ip string - Source IP address for communications to the RADIUS server.
- Sso
Attribute string - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - Sso
Attribute stringKey - Key prefix for SSO group value in the SSO attribute.
- Sso
Attribute stringValue Override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
enable
,disable
. - Status
Ttl int - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- Switch
Controller intAcct Fast Framedip Detect - Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- Switch
Controller stringNas Ip Dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
enable
,disable
. - Switch
Controller stringService Type - RADIUS service type. Valid values:
login
,framed
,callback-login
,callback-framed
,outbound
,administrative
,nas-prompt
,authenticate-only
,callback-nas-prompt
,call-check
,callback-administrative
. - Tertiary
Secret string - Secret key to access the tertiary server.
- Tertiary
Server string - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- Timeout int
- Time in seconds between re-sending authentication requests.
- Tls
Min stringProto Version - Minimum supported protocol version for TLS connections (default is to follow system global setting).
- Transport
Protocol string - Transport protocol to be used (default = udp). Valid values:
udp
,tcp
,tls
. - Use
Management stringVdom - Enable/disable using management VDOM to send requests. Valid values:
enable
,disable
. - Username
Case stringSensitive - Enable/disable case sensitive user names. Valid values:
enable
,disable
. - Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- account
Key StringCert Field - Define subject identity field in certificate for user access right checking. Valid values:
othername
,rfc822name
,dnsname
. - account
Key StringProcessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same
,strip
. - accounting
Servers List<RadiusAccounting Server> - Additional accounting servers. The structure of
accounting_server
block is documented below. - acct
All StringServers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
enable
,disable
. - acct
Interim IntegerInterval - Time in seconds between each accounting interim update message.
- all
Usergroup String - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable
,enable
. - auth
Type String - Authentication methods/protocols permitted for this RADIUS server. Valid values:
auto
,ms_chap_v2
,ms_chap
,chap
,pap
. - ca
Cert String - CA of server to trust under TLS.
- call
Station StringId Type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy
,IP
,MAC
. - classes
List<Radius
Class> - Class attribute name(s). The structure of
class
block is documented below. - client
Cert String - Client certificate to use under TLS.
- delimiter String
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values:
plus
,comma
. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- group
Override StringAttr Type - RADIUS attribute type to override user group information. Valid values:
filter-Id
,class
. - h3c
Compatibility String - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
enable
,disable
. - interface
Select StringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - interface_ String
- Specify outgoing interface to reach server.
- mac
Case String - MAC authentication case (default = lowercase). Valid values:
uppercase
,lowercase
. - mac
Password StringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac
Username StringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - name String
- RADIUS server entry name.
- nas
Id String - Custom NAS identifier.
- nas
Id StringType - NAS identifier type configuration (default = legacy). Valid values:
legacy
,custom
,hostname
. - nas
Ip String - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- password
Encoding String - Password encoding. Valid values:
auto
,ISO-8859-1
. - password
Renewal String - Enable/disable password renewal. Valid values:
enable
,disable
. - radius
Coa String - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
enable
,disable
. - radius
Port Integer - RADIUS service port number.
- rsso String
- Enable/disable RADIUS based single sign on feature. Valid values:
enable
,disable
. - rsso
Context IntegerTimeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rsso
Endpoint StringAttribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - rsso
Endpoint StringBlock Attribute - RADIUS attributes used to block a user. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - rsso
Ep StringOne Ip Only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
enable
,disable
. - rsso
Flush StringIp Session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
enable
,disable
. - rsso
Log StringFlags - Events to log. Valid values:
protocol-error
,profile-missing
,accounting-stop-missed
,accounting-event
,endpoint-block
,radiusd-other
,none
. - rsso
Log IntegerPeriod - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rsso
Radius StringResponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
enable
,disable
. - rsso
Radius IntegerServer Port - UDP port to listen on for RADIUS Start and Stop records.
- rsso
Secret String - RADIUS secret used by the RADIUS accounting server.
- rsso
Validate StringRequest Secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
enable
,disable
. - secondary
Secret String - Secret key to access the secondary server.
- secondary
Server String - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secret String
- Pre-shared secret key used to access the primary RADIUS server.
- server String
- Primary RADIUS server CN domain name or IP address.
- server
Identity StringCheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
enable
,disable
. - source
Ip String - Source IP address for communications to the RADIUS server.
- sso
Attribute String - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - sso
Attribute StringKey - Key prefix for SSO group value in the SSO attribute.
- sso
Attribute StringValue Override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
enable
,disable
. - status
Ttl Integer - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switch
Controller IntegerAcct Fast Framedip Detect - Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- switch
Controller StringNas Ip Dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
enable
,disable
. - switch
Controller StringService Type - RADIUS service type. Valid values:
login
,framed
,callback-login
,callback-framed
,outbound
,administrative
,nas-prompt
,authenticate-only
,callback-nas-prompt
,call-check
,callback-administrative
. - tertiary
Secret String - Secret key to access the tertiary server.
- tertiary
Server String - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout Integer
- Time in seconds between re-sending authentication requests.
- tls
Min StringProto Version - Minimum supported protocol version for TLS connections (default is to follow system global setting).
- transport
Protocol String - Transport protocol to be used (default = udp). Valid values:
udp
,tcp
,tls
. - use
Management StringVdom - Enable/disable using management VDOM to send requests. Valid values:
enable
,disable
. - username
Case StringSensitive - Enable/disable case sensitive user names. Valid values:
enable
,disable
. - vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- account
Key stringCert Field - Define subject identity field in certificate for user access right checking. Valid values:
othername
,rfc822name
,dnsname
. - account
Key stringProcessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same
,strip
. - accounting
Servers RadiusAccounting Server[] - Additional accounting servers. The structure of
accounting_server
block is documented below. - acct
All stringServers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
enable
,disable
. - acct
Interim numberInterval - Time in seconds between each accounting interim update message.
- all
Usergroup string - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable
,enable
. - auth
Type string - Authentication methods/protocols permitted for this RADIUS server. Valid values:
auto
,ms_chap_v2
,ms_chap
,chap
,pap
. - ca
Cert string - CA of server to trust under TLS.
- call
Station stringId Type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy
,IP
,MAC
. - classes
Radius
Class[] - Class attribute name(s). The structure of
class
block is documented below. - client
Cert string - Client certificate to use under TLS.
- delimiter string
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values:
plus
,comma
. - dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- group
Override stringAttr Type - RADIUS attribute type to override user group information. Valid values:
filter-Id
,class
. - h3c
Compatibility string - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
enable
,disable
. - interface string
- Specify outgoing interface to reach server.
- interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - mac
Case string - MAC authentication case (default = lowercase). Valid values:
uppercase
,lowercase
. - mac
Password stringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac
Username stringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - name string
- RADIUS server entry name.
- nas
Id string - Custom NAS identifier.
- nas
Id stringType - NAS identifier type configuration (default = legacy). Valid values:
legacy
,custom
,hostname
. - nas
Ip string - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- password
Encoding string - Password encoding. Valid values:
auto
,ISO-8859-1
. - password
Renewal string - Enable/disable password renewal. Valid values:
enable
,disable
. - radius
Coa string - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
enable
,disable
. - radius
Port number - RADIUS service port number.
- rsso string
- Enable/disable RADIUS based single sign on feature. Valid values:
enable
,disable
. - rsso
Context numberTimeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rsso
Endpoint stringAttribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - rsso
Endpoint stringBlock Attribute - RADIUS attributes used to block a user. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - rsso
Ep stringOne Ip Only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
enable
,disable
. - rsso
Flush stringIp Session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
enable
,disable
. - rsso
Log stringFlags - Events to log. Valid values:
protocol-error
,profile-missing
,accounting-stop-missed
,accounting-event
,endpoint-block
,radiusd-other
,none
. - rsso
Log numberPeriod - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rsso
Radius stringResponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
enable
,disable
. - rsso
Radius numberServer Port - UDP port to listen on for RADIUS Start and Stop records.
- rsso
Secret string - RADIUS secret used by the RADIUS accounting server.
- rsso
Validate stringRequest Secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
enable
,disable
. - secondary
Secret string - Secret key to access the secondary server.
- secondary
Server string - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secret string
- Pre-shared secret key used to access the primary RADIUS server.
- server string
- Primary RADIUS server CN domain name or IP address.
- server
Identity stringCheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
enable
,disable
. - source
Ip string - Source IP address for communications to the RADIUS server.
- sso
Attribute string - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - sso
Attribute stringKey - Key prefix for SSO group value in the SSO attribute.
- sso
Attribute stringValue Override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
enable
,disable
. - status
Ttl number - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switch
Controller numberAcct Fast Framedip Detect - Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- switch
Controller stringNas Ip Dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
enable
,disable
. - switch
Controller stringService Type - RADIUS service type. Valid values:
login
,framed
,callback-login
,callback-framed
,outbound
,administrative
,nas-prompt
,authenticate-only
,callback-nas-prompt
,call-check
,callback-administrative
. - tertiary
Secret string - Secret key to access the tertiary server.
- tertiary
Server string - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout number
- Time in seconds between re-sending authentication requests.
- tls
Min stringProto Version - Minimum supported protocol version for TLS connections (default is to follow system global setting).
- transport
Protocol string - Transport protocol to be used (default = udp). Valid values:
udp
,tcp
,tls
. - use
Management stringVdom - Enable/disable using management VDOM to send requests. Valid values:
enable
,disable
. - username
Case stringSensitive - Enable/disable case sensitive user names. Valid values:
enable
,disable
. - vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- account_
key_ strcert_ field - Define subject identity field in certificate for user access right checking. Valid values:
othername
,rfc822name
,dnsname
. - account_
key_ strprocessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same
,strip
. - accounting_
servers Sequence[RadiusAccounting Server Args] - Additional accounting servers. The structure of
accounting_server
block is documented below. - acct_
all_ strservers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
enable
,disable
. - acct_
interim_ intinterval - Time in seconds between each accounting interim update message.
- all_
usergroup str - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable
,enable
. - auth_
type str - Authentication methods/protocols permitted for this RADIUS server. Valid values:
auto
,ms_chap_v2
,ms_chap
,chap
,pap
. - ca_
cert str - CA of server to trust under TLS.
- call_
station_ strid_ type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy
,IP
,MAC
. - classes
Sequence[Radius
Class Args] - Class attribute name(s). The structure of
class
block is documented below. - client_
cert str - Client certificate to use under TLS.
- delimiter str
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values:
plus
,comma
. - dynamic_
sort_ strsubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- get_
all_ strtables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- group_
override_ strattr_ type - RADIUS attribute type to override user group information. Valid values:
filter-Id
,class
. - h3c_
compatibility str - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
enable
,disable
. - interface str
- Specify outgoing interface to reach server.
- interface_
select_ strmethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - mac_
case str - MAC authentication case (default = lowercase). Valid values:
uppercase
,lowercase
. - mac_
password_ strdelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac_
username_ strdelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - name str
- RADIUS server entry name.
- nas_
id str - Custom NAS identifier.
- nas_
id_ strtype - NAS identifier type configuration (default = legacy). Valid values:
legacy
,custom
,hostname
. - nas_
ip str - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- password_
encoding str - Password encoding. Valid values:
auto
,ISO-8859-1
. - password_
renewal str - Enable/disable password renewal. Valid values:
enable
,disable
. - radius_
coa str - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
enable
,disable
. - radius_
port int - RADIUS service port number.
- rsso str
- Enable/disable RADIUS based single sign on feature. Valid values:
enable
,disable
. - rsso_
context_ inttimeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rsso_
endpoint_ strattribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - rsso_
endpoint_ strblock_ attribute - RADIUS attributes used to block a user. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - rsso_
ep_ strone_ ip_ only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
enable
,disable
. - rsso_
flush_ strip_ session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
enable
,disable
. - rsso_
log_ strflags - Events to log. Valid values:
protocol-error
,profile-missing
,accounting-stop-missed
,accounting-event
,endpoint-block
,radiusd-other
,none
. - rsso_
log_ intperiod - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rsso_
radius_ strresponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
enable
,disable
. - rsso_
radius_ intserver_ port - UDP port to listen on for RADIUS Start and Stop records.
- rsso_
secret str - RADIUS secret used by the RADIUS accounting server.
- rsso_
validate_ strrequest_ secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
enable
,disable
. - secondary_
secret str - Secret key to access the secondary server.
- secondary_
server str - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secret str
- Pre-shared secret key used to access the primary RADIUS server.
- server str
- Primary RADIUS server CN domain name or IP address.
- server_
identity_ strcheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
enable
,disable
. - source_
ip str - Source IP address for communications to the RADIUS server.
- sso_
attribute str - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - sso_
attribute_ strkey - Key prefix for SSO group value in the SSO attribute.
- sso_
attribute_ strvalue_ override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
enable
,disable
. - status_
ttl int - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switch_
controller_ intacct_ fast_ framedip_ detect - Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- switch_
controller_ strnas_ ip_ dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
enable
,disable
. - switch_
controller_ strservice_ type - RADIUS service type. Valid values:
login
,framed
,callback-login
,callback-framed
,outbound
,administrative
,nas-prompt
,authenticate-only
,callback-nas-prompt
,call-check
,callback-administrative
. - tertiary_
secret str - Secret key to access the tertiary server.
- tertiary_
server str - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout int
- Time in seconds between re-sending authentication requests.
- tls_
min_ strproto_ version - Minimum supported protocol version for TLS connections (default is to follow system global setting).
- transport_
protocol str - Transport protocol to be used (default = udp). Valid values:
udp
,tcp
,tls
. - use_
management_ strvdom - Enable/disable using management VDOM to send requests. Valid values:
enable
,disable
. - username_
case_ strsensitive - Enable/disable case sensitive user names. Valid values:
enable
,disable
. - vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- account
Key StringCert Field - Define subject identity field in certificate for user access right checking. Valid values:
othername
,rfc822name
,dnsname
. - account
Key StringProcessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same
,strip
. - accounting
Servers List<Property Map> - Additional accounting servers. The structure of
accounting_server
block is documented below. - acct
All StringServers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
enable
,disable
. - acct
Interim NumberInterval - Time in seconds between each accounting interim update message.
- all
Usergroup String - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable
,enable
. - auth
Type String - Authentication methods/protocols permitted for this RADIUS server. Valid values:
auto
,ms_chap_v2
,ms_chap
,chap
,pap
. - ca
Cert String - CA of server to trust under TLS.
- call
Station StringId Type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy
,IP
,MAC
. - classes List<Property Map>
- Class attribute name(s). The structure of
class
block is documented below. - client
Cert String - Client certificate to use under TLS.
- delimiter String
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values:
plus
,comma
. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- group
Override StringAttr Type - RADIUS attribute type to override user group information. Valid values:
filter-Id
,class
. - h3c
Compatibility String - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
enable
,disable
. - interface String
- Specify outgoing interface to reach server.
- interface
Select StringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - mac
Case String - MAC authentication case (default = lowercase). Valid values:
uppercase
,lowercase
. - mac
Password StringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac
Username StringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - name String
- RADIUS server entry name.
- nas
Id String - Custom NAS identifier.
- nas
Id StringType - NAS identifier type configuration (default = legacy). Valid values:
legacy
,custom
,hostname
. - nas
Ip String - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- password
Encoding String - Password encoding. Valid values:
auto
,ISO-8859-1
. - password
Renewal String - Enable/disable password renewal. Valid values:
enable
,disable
. - radius
Coa String - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
enable
,disable
. - radius
Port Number - RADIUS service port number.
- rsso String
- Enable/disable RADIUS based single sign on feature. Valid values:
enable
,disable
. - rsso
Context NumberTimeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rsso
Endpoint StringAttribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - rsso
Endpoint StringBlock Attribute - RADIUS attributes used to block a user. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - rsso
Ep StringOne Ip Only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
enable
,disable
. - rsso
Flush StringIp Session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
enable
,disable
. - rsso
Log StringFlags - Events to log. Valid values:
protocol-error
,profile-missing
,accounting-stop-missed
,accounting-event
,endpoint-block
,radiusd-other
,none
. - rsso
Log NumberPeriod - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rsso
Radius StringResponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
enable
,disable
. - rsso
Radius NumberServer Port - UDP port to listen on for RADIUS Start and Stop records.
- rsso
Secret String - RADIUS secret used by the RADIUS accounting server.
- rsso
Validate StringRequest Secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
enable
,disable
. - secondary
Secret String - Secret key to access the secondary server.
- secondary
Server String - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secret String
- Pre-shared secret key used to access the primary RADIUS server.
- server String
- Primary RADIUS server CN domain name or IP address.
- server
Identity StringCheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
enable
,disable
. - source
Ip String - Source IP address for communications to the RADIUS server.
- sso
Attribute String - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - sso
Attribute StringKey - Key prefix for SSO group value in the SSO attribute.
- sso
Attribute StringValue Override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
enable
,disable
. - status
Ttl Number - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switch
Controller NumberAcct Fast Framedip Detect - Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- switch
Controller StringNas Ip Dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
enable
,disable
. - switch
Controller StringService Type - RADIUS service type. Valid values:
login
,framed
,callback-login
,callback-framed
,outbound
,administrative
,nas-prompt
,authenticate-only
,callback-nas-prompt
,call-check
,callback-administrative
. - tertiary
Secret String - Secret key to access the tertiary server.
- tertiary
Server String - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout Number
- Time in seconds between re-sending authentication requests.
- tls
Min StringProto Version - Minimum supported protocol version for TLS connections (default is to follow system global setting).
- transport
Protocol String - Transport protocol to be used (default = udp). Valid values:
udp
,tcp
,tls
. - use
Management StringVdom - Enable/disable using management VDOM to send requests. Valid values:
enable
,disable
. - username
Case StringSensitive - Enable/disable case sensitive user names. Valid values:
enable
,disable
. - vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
Outputs
All input properties are implicitly available as output properties. Additionally, the Radius resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Radius Resource
Get an existing Radius resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RadiusState, opts?: CustomResourceOptions): Radius
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_key_cert_field: Optional[str] = None,
account_key_processing: Optional[str] = None,
accounting_servers: Optional[Sequence[RadiusAccountingServerArgs]] = None,
acct_all_servers: Optional[str] = None,
acct_interim_interval: Optional[int] = None,
all_usergroup: Optional[str] = None,
auth_type: Optional[str] = None,
ca_cert: Optional[str] = None,
call_station_id_type: Optional[str] = None,
classes: Optional[Sequence[RadiusClassArgs]] = None,
client_cert: Optional[str] = None,
delimiter: Optional[str] = None,
dynamic_sort_subtable: Optional[str] = None,
get_all_tables: Optional[str] = None,
group_override_attr_type: Optional[str] = None,
h3c_compatibility: Optional[str] = None,
interface: Optional[str] = None,
interface_select_method: Optional[str] = None,
mac_case: Optional[str] = None,
mac_password_delimiter: Optional[str] = None,
mac_username_delimiter: Optional[str] = None,
name: Optional[str] = None,
nas_id: Optional[str] = None,
nas_id_type: Optional[str] = None,
nas_ip: Optional[str] = None,
password_encoding: Optional[str] = None,
password_renewal: Optional[str] = None,
radius_coa: Optional[str] = None,
radius_port: Optional[int] = None,
rsso: Optional[str] = None,
rsso_context_timeout: Optional[int] = None,
rsso_endpoint_attribute: Optional[str] = None,
rsso_endpoint_block_attribute: Optional[str] = None,
rsso_ep_one_ip_only: Optional[str] = None,
rsso_flush_ip_session: Optional[str] = None,
rsso_log_flags: Optional[str] = None,
rsso_log_period: Optional[int] = None,
rsso_radius_response: Optional[str] = None,
rsso_radius_server_port: Optional[int] = None,
rsso_secret: Optional[str] = None,
rsso_validate_request_secret: Optional[str] = None,
secondary_secret: Optional[str] = None,
secondary_server: Optional[str] = None,
secret: Optional[str] = None,
server: Optional[str] = None,
server_identity_check: Optional[str] = None,
source_ip: Optional[str] = None,
sso_attribute: Optional[str] = None,
sso_attribute_key: Optional[str] = None,
sso_attribute_value_override: Optional[str] = None,
status_ttl: Optional[int] = None,
switch_controller_acct_fast_framedip_detect: Optional[int] = None,
switch_controller_nas_ip_dynamic: Optional[str] = None,
switch_controller_service_type: Optional[str] = None,
tertiary_secret: Optional[str] = None,
tertiary_server: Optional[str] = None,
timeout: Optional[int] = None,
tls_min_proto_version: Optional[str] = None,
transport_protocol: Optional[str] = None,
use_management_vdom: Optional[str] = None,
username_case_sensitive: Optional[str] = None,
vdomparam: Optional[str] = None) -> Radius
func GetRadius(ctx *Context, name string, id IDInput, state *RadiusState, opts ...ResourceOption) (*Radius, error)
public static Radius Get(string name, Input<string> id, RadiusState? state, CustomResourceOptions? opts = null)
public static Radius get(String name, Output<String> id, RadiusState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Account
Key stringCert Field - Define subject identity field in certificate for user access right checking. Valid values:
othername
,rfc822name
,dnsname
. - Account
Key stringProcessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same
,strip
. - Accounting
Servers List<Pulumiverse.Fortios. User. Inputs. Radius Accounting Server> - Additional accounting servers. The structure of
accounting_server
block is documented below. - Acct
All stringServers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
enable
,disable
. - Acct
Interim intInterval - Time in seconds between each accounting interim update message.
- All
Usergroup string - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable
,enable
. - Auth
Type string - Authentication methods/protocols permitted for this RADIUS server. Valid values:
auto
,ms_chap_v2
,ms_chap
,chap
,pap
. - Ca
Cert string - CA of server to trust under TLS.
- Call
Station stringId Type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy
,IP
,MAC
. - Classes
List<Pulumiverse.
Fortios. User. Inputs. Radius Class> - Class attribute name(s). The structure of
class
block is documented below. - Client
Cert string - Client certificate to use under TLS.
- Delimiter string
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values:
plus
,comma
. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Group
Override stringAttr Type - RADIUS attribute type to override user group information. Valid values:
filter-Id
,class
. - H3c
Compatibility string - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
enable
,disable
. - Interface string
- Specify outgoing interface to reach server.
- Interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - Mac
Case string - MAC authentication case (default = lowercase). Valid values:
uppercase
,lowercase
. - Mac
Password stringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - Mac
Username stringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - Name string
- RADIUS server entry name.
- Nas
Id string - Custom NAS identifier.
- Nas
Id stringType - NAS identifier type configuration (default = legacy). Valid values:
legacy
,custom
,hostname
. - Nas
Ip string - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- Password
Encoding string - Password encoding. Valid values:
auto
,ISO-8859-1
. - Password
Renewal string - Enable/disable password renewal. Valid values:
enable
,disable
. - Radius
Coa string - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
enable
,disable
. - Radius
Port int - RADIUS service port number.
- Rsso string
- Enable/disable RADIUS based single sign on feature. Valid values:
enable
,disable
. - Rsso
Context intTimeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- Rsso
Endpoint stringAttribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - Rsso
Endpoint stringBlock Attribute - RADIUS attributes used to block a user. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - Rsso
Ep stringOne Ip Only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
enable
,disable
. - Rsso
Flush stringIp Session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
enable
,disable
. - Rsso
Log stringFlags - Events to log. Valid values:
protocol-error
,profile-missing
,accounting-stop-missed
,accounting-event
,endpoint-block
,radiusd-other
,none
. - Rsso
Log intPeriod - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- Rsso
Radius stringResponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
enable
,disable
. - Rsso
Radius intServer Port - UDP port to listen on for RADIUS Start and Stop records.
- Rsso
Secret string - RADIUS secret used by the RADIUS accounting server.
- Rsso
Validate stringRequest Secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
enable
,disable
. - Secondary
Secret string - Secret key to access the secondary server.
- Secondary
Server string - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- Secret string
- Pre-shared secret key used to access the primary RADIUS server.
- Server string
- Primary RADIUS server CN domain name or IP address.
- Server
Identity stringCheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
enable
,disable
. - Source
Ip string - Source IP address for communications to the RADIUS server.
- Sso
Attribute string - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - Sso
Attribute stringKey - Key prefix for SSO group value in the SSO attribute.
- Sso
Attribute stringValue Override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
enable
,disable
. - Status
Ttl int - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- Switch
Controller intAcct Fast Framedip Detect - Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- Switch
Controller stringNas Ip Dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
enable
,disable
. - Switch
Controller stringService Type - RADIUS service type. Valid values:
login
,framed
,callback-login
,callback-framed
,outbound
,administrative
,nas-prompt
,authenticate-only
,callback-nas-prompt
,call-check
,callback-administrative
. - Tertiary
Secret string - Secret key to access the tertiary server.
- Tertiary
Server string - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- Timeout int
- Time in seconds between re-sending authentication requests.
- Tls
Min stringProto Version - Minimum supported protocol version for TLS connections (default is to follow system global setting).
- Transport
Protocol string - Transport protocol to be used (default = udp). Valid values:
udp
,tcp
,tls
. - Use
Management stringVdom - Enable/disable using management VDOM to send requests. Valid values:
enable
,disable
. - Username
Case stringSensitive - Enable/disable case sensitive user names. Valid values:
enable
,disable
. - Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Account
Key stringCert Field - Define subject identity field in certificate for user access right checking. Valid values:
othername
,rfc822name
,dnsname
. - Account
Key stringProcessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same
,strip
. - Accounting
Servers []RadiusAccounting Server Args - Additional accounting servers. The structure of
accounting_server
block is documented below. - Acct
All stringServers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
enable
,disable
. - Acct
Interim intInterval - Time in seconds between each accounting interim update message.
- All
Usergroup string - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable
,enable
. - Auth
Type string - Authentication methods/protocols permitted for this RADIUS server. Valid values:
auto
,ms_chap_v2
,ms_chap
,chap
,pap
. - Ca
Cert string - CA of server to trust under TLS.
- Call
Station stringId Type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy
,IP
,MAC
. - Classes
[]Radius
Class Args - Class attribute name(s). The structure of
class
block is documented below. - Client
Cert string - Client certificate to use under TLS.
- Delimiter string
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values:
plus
,comma
. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Group
Override stringAttr Type - RADIUS attribute type to override user group information. Valid values:
filter-Id
,class
. - H3c
Compatibility string - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
enable
,disable
. - Interface string
- Specify outgoing interface to reach server.
- Interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - Mac
Case string - MAC authentication case (default = lowercase). Valid values:
uppercase
,lowercase
. - Mac
Password stringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - Mac
Username stringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - Name string
- RADIUS server entry name.
- Nas
Id string - Custom NAS identifier.
- Nas
Id stringType - NAS identifier type configuration (default = legacy). Valid values:
legacy
,custom
,hostname
. - Nas
Ip string - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- Password
Encoding string - Password encoding. Valid values:
auto
,ISO-8859-1
. - Password
Renewal string - Enable/disable password renewal. Valid values:
enable
,disable
. - Radius
Coa string - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
enable
,disable
. - Radius
Port int - RADIUS service port number.
- Rsso string
- Enable/disable RADIUS based single sign on feature. Valid values:
enable
,disable
. - Rsso
Context intTimeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- Rsso
Endpoint stringAttribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - Rsso
Endpoint stringBlock Attribute - RADIUS attributes used to block a user. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - Rsso
Ep stringOne Ip Only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
enable
,disable
. - Rsso
Flush stringIp Session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
enable
,disable
. - Rsso
Log stringFlags - Events to log. Valid values:
protocol-error
,profile-missing
,accounting-stop-missed
,accounting-event
,endpoint-block
,radiusd-other
,none
. - Rsso
Log intPeriod - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- Rsso
Radius stringResponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
enable
,disable
. - Rsso
Radius intServer Port - UDP port to listen on for RADIUS Start and Stop records.
- Rsso
Secret string - RADIUS secret used by the RADIUS accounting server.
- Rsso
Validate stringRequest Secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
enable
,disable
. - Secondary
Secret string - Secret key to access the secondary server.
- Secondary
Server string - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- Secret string
- Pre-shared secret key used to access the primary RADIUS server.
- Server string
- Primary RADIUS server CN domain name or IP address.
- Server
Identity stringCheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
enable
,disable
. - Source
Ip string - Source IP address for communications to the RADIUS server.
- Sso
Attribute string - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - Sso
Attribute stringKey - Key prefix for SSO group value in the SSO attribute.
- Sso
Attribute stringValue Override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
enable
,disable
. - Status
Ttl int - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- Switch
Controller intAcct Fast Framedip Detect - Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- Switch
Controller stringNas Ip Dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
enable
,disable
. - Switch
Controller stringService Type - RADIUS service type. Valid values:
login
,framed
,callback-login
,callback-framed
,outbound
,administrative
,nas-prompt
,authenticate-only
,callback-nas-prompt
,call-check
,callback-administrative
. - Tertiary
Secret string - Secret key to access the tertiary server.
- Tertiary
Server string - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- Timeout int
- Time in seconds between re-sending authentication requests.
- Tls
Min stringProto Version - Minimum supported protocol version for TLS connections (default is to follow system global setting).
- Transport
Protocol string - Transport protocol to be used (default = udp). Valid values:
udp
,tcp
,tls
. - Use
Management stringVdom - Enable/disable using management VDOM to send requests. Valid values:
enable
,disable
. - Username
Case stringSensitive - Enable/disable case sensitive user names. Valid values:
enable
,disable
. - Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- account
Key StringCert Field - Define subject identity field in certificate for user access right checking. Valid values:
othername
,rfc822name
,dnsname
. - account
Key StringProcessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same
,strip
. - accounting
Servers List<RadiusAccounting Server> - Additional accounting servers. The structure of
accounting_server
block is documented below. - acct
All StringServers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
enable
,disable
. - acct
Interim IntegerInterval - Time in seconds between each accounting interim update message.
- all
Usergroup String - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable
,enable
. - auth
Type String - Authentication methods/protocols permitted for this RADIUS server. Valid values:
auto
,ms_chap_v2
,ms_chap
,chap
,pap
. - ca
Cert String - CA of server to trust under TLS.
- call
Station StringId Type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy
,IP
,MAC
. - classes
List<Radius
Class> - Class attribute name(s). The structure of
class
block is documented below. - client
Cert String - Client certificate to use under TLS.
- delimiter String
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values:
plus
,comma
. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- group
Override StringAttr Type - RADIUS attribute type to override user group information. Valid values:
filter-Id
,class
. - h3c
Compatibility String - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
enable
,disable
. - interface
Select StringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - interface_ String
- Specify outgoing interface to reach server.
- mac
Case String - MAC authentication case (default = lowercase). Valid values:
uppercase
,lowercase
. - mac
Password StringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac
Username StringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - name String
- RADIUS server entry name.
- nas
Id String - Custom NAS identifier.
- nas
Id StringType - NAS identifier type configuration (default = legacy). Valid values:
legacy
,custom
,hostname
. - nas
Ip String - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- password
Encoding String - Password encoding. Valid values:
auto
,ISO-8859-1
. - password
Renewal String - Enable/disable password renewal. Valid values:
enable
,disable
. - radius
Coa String - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
enable
,disable
. - radius
Port Integer - RADIUS service port number.
- rsso String
- Enable/disable RADIUS based single sign on feature. Valid values:
enable
,disable
. - rsso
Context IntegerTimeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rsso
Endpoint StringAttribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - rsso
Endpoint StringBlock Attribute - RADIUS attributes used to block a user. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - rsso
Ep StringOne Ip Only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
enable
,disable
. - rsso
Flush StringIp Session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
enable
,disable
. - rsso
Log StringFlags - Events to log. Valid values:
protocol-error
,profile-missing
,accounting-stop-missed
,accounting-event
,endpoint-block
,radiusd-other
,none
. - rsso
Log IntegerPeriod - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rsso
Radius StringResponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
enable
,disable
. - rsso
Radius IntegerServer Port - UDP port to listen on for RADIUS Start and Stop records.
- rsso
Secret String - RADIUS secret used by the RADIUS accounting server.
- rsso
Validate StringRequest Secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
enable
,disable
. - secondary
Secret String - Secret key to access the secondary server.
- secondary
Server String - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secret String
- Pre-shared secret key used to access the primary RADIUS server.
- server String
- Primary RADIUS server CN domain name or IP address.
- server
Identity StringCheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
enable
,disable
. - source
Ip String - Source IP address for communications to the RADIUS server.
- sso
Attribute String - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - sso
Attribute StringKey - Key prefix for SSO group value in the SSO attribute.
- sso
Attribute StringValue Override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
enable
,disable
. - status
Ttl Integer - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switch
Controller IntegerAcct Fast Framedip Detect - Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- switch
Controller StringNas Ip Dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
enable
,disable
. - switch
Controller StringService Type - RADIUS service type. Valid values:
login
,framed
,callback-login
,callback-framed
,outbound
,administrative
,nas-prompt
,authenticate-only
,callback-nas-prompt
,call-check
,callback-administrative
. - tertiary
Secret String - Secret key to access the tertiary server.
- tertiary
Server String - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout Integer
- Time in seconds between re-sending authentication requests.
- tls
Min StringProto Version - Minimum supported protocol version for TLS connections (default is to follow system global setting).
- transport
Protocol String - Transport protocol to be used (default = udp). Valid values:
udp
,tcp
,tls
. - use
Management StringVdom - Enable/disable using management VDOM to send requests. Valid values:
enable
,disable
. - username
Case StringSensitive - Enable/disable case sensitive user names. Valid values:
enable
,disable
. - vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- account
Key stringCert Field - Define subject identity field in certificate for user access right checking. Valid values:
othername
,rfc822name
,dnsname
. - account
Key stringProcessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same
,strip
. - accounting
Servers RadiusAccounting Server[] - Additional accounting servers. The structure of
accounting_server
block is documented below. - acct
All stringServers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
enable
,disable
. - acct
Interim numberInterval - Time in seconds between each accounting interim update message.
- all
Usergroup string - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable
,enable
. - auth
Type string - Authentication methods/protocols permitted for this RADIUS server. Valid values:
auto
,ms_chap_v2
,ms_chap
,chap
,pap
. - ca
Cert string - CA of server to trust under TLS.
- call
Station stringId Type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy
,IP
,MAC
. - classes
Radius
Class[] - Class attribute name(s). The structure of
class
block is documented below. - client
Cert string - Client certificate to use under TLS.
- delimiter string
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values:
plus
,comma
. - dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- group
Override stringAttr Type - RADIUS attribute type to override user group information. Valid values:
filter-Id
,class
. - h3c
Compatibility string - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
enable
,disable
. - interface string
- Specify outgoing interface to reach server.
- interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - mac
Case string - MAC authentication case (default = lowercase). Valid values:
uppercase
,lowercase
. - mac
Password stringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac
Username stringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - name string
- RADIUS server entry name.
- nas
Id string - Custom NAS identifier.
- nas
Id stringType - NAS identifier type configuration (default = legacy). Valid values:
legacy
,custom
,hostname
. - nas
Ip string - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- password
Encoding string - Password encoding. Valid values:
auto
,ISO-8859-1
. - password
Renewal string - Enable/disable password renewal. Valid values:
enable
,disable
. - radius
Coa string - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
enable
,disable
. - radius
Port number - RADIUS service port number.
- rsso string
- Enable/disable RADIUS based single sign on feature. Valid values:
enable
,disable
. - rsso
Context numberTimeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rsso
Endpoint stringAttribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - rsso
Endpoint stringBlock Attribute - RADIUS attributes used to block a user. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - rsso
Ep stringOne Ip Only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
enable
,disable
. - rsso
Flush stringIp Session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
enable
,disable
. - rsso
Log stringFlags - Events to log. Valid values:
protocol-error
,profile-missing
,accounting-stop-missed
,accounting-event
,endpoint-block
,radiusd-other
,none
. - rsso
Log numberPeriod - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rsso
Radius stringResponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
enable
,disable
. - rsso
Radius numberServer Port - UDP port to listen on for RADIUS Start and Stop records.
- rsso
Secret string - RADIUS secret used by the RADIUS accounting server.
- rsso
Validate stringRequest Secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
enable
,disable
. - secondary
Secret string - Secret key to access the secondary server.
- secondary
Server string - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secret string
- Pre-shared secret key used to access the primary RADIUS server.
- server string
- Primary RADIUS server CN domain name or IP address.
- server
Identity stringCheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
enable
,disable
. - source
Ip string - Source IP address for communications to the RADIUS server.
- sso
Attribute string - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - sso
Attribute stringKey - Key prefix for SSO group value in the SSO attribute.
- sso
Attribute stringValue Override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
enable
,disable
. - status
Ttl number - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switch
Controller numberAcct Fast Framedip Detect - Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- switch
Controller stringNas Ip Dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
enable
,disable
. - switch
Controller stringService Type - RADIUS service type. Valid values:
login
,framed
,callback-login
,callback-framed
,outbound
,administrative
,nas-prompt
,authenticate-only
,callback-nas-prompt
,call-check
,callback-administrative
. - tertiary
Secret string - Secret key to access the tertiary server.
- tertiary
Server string - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout number
- Time in seconds between re-sending authentication requests.
- tls
Min stringProto Version - Minimum supported protocol version for TLS connections (default is to follow system global setting).
- transport
Protocol string - Transport protocol to be used (default = udp). Valid values:
udp
,tcp
,tls
. - use
Management stringVdom - Enable/disable using management VDOM to send requests. Valid values:
enable
,disable
. - username
Case stringSensitive - Enable/disable case sensitive user names. Valid values:
enable
,disable
. - vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- account_
key_ strcert_ field - Define subject identity field in certificate for user access right checking. Valid values:
othername
,rfc822name
,dnsname
. - account_
key_ strprocessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same
,strip
. - accounting_
servers Sequence[RadiusAccounting Server Args] - Additional accounting servers. The structure of
accounting_server
block is documented below. - acct_
all_ strservers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
enable
,disable
. - acct_
interim_ intinterval - Time in seconds between each accounting interim update message.
- all_
usergroup str - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable
,enable
. - auth_
type str - Authentication methods/protocols permitted for this RADIUS server. Valid values:
auto
,ms_chap_v2
,ms_chap
,chap
,pap
. - ca_
cert str - CA of server to trust under TLS.
- call_
station_ strid_ type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy
,IP
,MAC
. - classes
Sequence[Radius
Class Args] - Class attribute name(s). The structure of
class
block is documented below. - client_
cert str - Client certificate to use under TLS.
- delimiter str
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values:
plus
,comma
. - dynamic_
sort_ strsubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- get_
all_ strtables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- group_
override_ strattr_ type - RADIUS attribute type to override user group information. Valid values:
filter-Id
,class
. - h3c_
compatibility str - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
enable
,disable
. - interface str
- Specify outgoing interface to reach server.
- interface_
select_ strmethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - mac_
case str - MAC authentication case (default = lowercase). Valid values:
uppercase
,lowercase
. - mac_
password_ strdelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac_
username_ strdelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - name str
- RADIUS server entry name.
- nas_
id str - Custom NAS identifier.
- nas_
id_ strtype - NAS identifier type configuration (default = legacy). Valid values:
legacy
,custom
,hostname
. - nas_
ip str - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- password_
encoding str - Password encoding. Valid values:
auto
,ISO-8859-1
. - password_
renewal str - Enable/disable password renewal. Valid values:
enable
,disable
. - radius_
coa str - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
enable
,disable
. - radius_
port int - RADIUS service port number.
- rsso str
- Enable/disable RADIUS based single sign on feature. Valid values:
enable
,disable
. - rsso_
context_ inttimeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rsso_
endpoint_ strattribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - rsso_
endpoint_ strblock_ attribute - RADIUS attributes used to block a user. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - rsso_
ep_ strone_ ip_ only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
enable
,disable
. - rsso_
flush_ strip_ session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
enable
,disable
. - rsso_
log_ strflags - Events to log. Valid values:
protocol-error
,profile-missing
,accounting-stop-missed
,accounting-event
,endpoint-block
,radiusd-other
,none
. - rsso_
log_ intperiod - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rsso_
radius_ strresponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
enable
,disable
. - rsso_
radius_ intserver_ port - UDP port to listen on for RADIUS Start and Stop records.
- rsso_
secret str - RADIUS secret used by the RADIUS accounting server.
- rsso_
validate_ strrequest_ secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
enable
,disable
. - secondary_
secret str - Secret key to access the secondary server.
- secondary_
server str - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secret str
- Pre-shared secret key used to access the primary RADIUS server.
- server str
- Primary RADIUS server CN domain name or IP address.
- server_
identity_ strcheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
enable
,disable
. - source_
ip str - Source IP address for communications to the RADIUS server.
- sso_
attribute str - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - sso_
attribute_ strkey - Key prefix for SSO group value in the SSO attribute.
- sso_
attribute_ strvalue_ override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
enable
,disable
. - status_
ttl int - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switch_
controller_ intacct_ fast_ framedip_ detect - Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- switch_
controller_ strnas_ ip_ dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
enable
,disable
. - switch_
controller_ strservice_ type - RADIUS service type. Valid values:
login
,framed
,callback-login
,callback-framed
,outbound
,administrative
,nas-prompt
,authenticate-only
,callback-nas-prompt
,call-check
,callback-administrative
. - tertiary_
secret str - Secret key to access the tertiary server.
- tertiary_
server str - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout int
- Time in seconds between re-sending authentication requests.
- tls_
min_ strproto_ version - Minimum supported protocol version for TLS connections (default is to follow system global setting).
- transport_
protocol str - Transport protocol to be used (default = udp). Valid values:
udp
,tcp
,tls
. - use_
management_ strvdom - Enable/disable using management VDOM to send requests. Valid values:
enable
,disable
. - username_
case_ strsensitive - Enable/disable case sensitive user names. Valid values:
enable
,disable
. - vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- account
Key StringCert Field - Define subject identity field in certificate for user access right checking. Valid values:
othername
,rfc822name
,dnsname
. - account
Key StringProcessing - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values:
same
,strip
. - accounting
Servers List<Property Map> - Additional accounting servers. The structure of
accounting_server
block is documented below. - acct
All StringServers - Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values:
enable
,disable
. - acct
Interim NumberInterval - Time in seconds between each accounting interim update message.
- all
Usergroup String - Enable/disable automatically including this RADIUS server in all user groups. Valid values:
disable
,enable
. - auth
Type String - Authentication methods/protocols permitted for this RADIUS server. Valid values:
auto
,ms_chap_v2
,ms_chap
,chap
,pap
. - ca
Cert String - CA of server to trust under TLS.
- call
Station StringId Type - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values:
legacy
,IP
,MAC
. - classes List<Property Map>
- Class attribute name(s). The structure of
class
block is documented below. - client
Cert String - Client certificate to use under TLS.
- delimiter String
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values:
plus
,comma
. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- group
Override StringAttr Type - RADIUS attribute type to override user group information. Valid values:
filter-Id
,class
. - h3c
Compatibility String - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values:
enable
,disable
. - interface String
- Specify outgoing interface to reach server.
- interface
Select StringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - mac
Case String - MAC authentication case (default = lowercase). Valid values:
uppercase
,lowercase
. - mac
Password StringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac
Username StringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - name String
- RADIUS server entry name.
- nas
Id String - Custom NAS identifier.
- nas
Id StringType - NAS identifier type configuration (default = legacy). Valid values:
legacy
,custom
,hostname
. - nas
Ip String - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- password
Encoding String - Password encoding. Valid values:
auto
,ISO-8859-1
. - password
Renewal String - Enable/disable password renewal. Valid values:
enable
,disable
. - radius
Coa String - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values:
enable
,disable
. - radius
Port Number - RADIUS service port number.
- rsso String
- Enable/disable RADIUS based single sign on feature. Valid values:
enable
,disable
. - rsso
Context NumberTimeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rsso
Endpoint StringAttribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - rsso
Endpoint StringBlock Attribute - RADIUS attributes used to block a user. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - rsso
Ep StringOne Ip Only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values:
enable
,disable
. - rsso
Flush StringIp Session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values:
enable
,disable
. - rsso
Log StringFlags - Events to log. Valid values:
protocol-error
,profile-missing
,accounting-stop-missed
,accounting-event
,endpoint-block
,radiusd-other
,none
. - rsso
Log NumberPeriod - Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rsso
Radius StringResponse - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values:
enable
,disable
. - rsso
Radius NumberServer Port - UDP port to listen on for RADIUS Start and Stop records.
- rsso
Secret String - RADIUS secret used by the RADIUS accounting server.
- rsso
Validate StringRequest Secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values:
enable
,disable
. - secondary
Secret String - Secret key to access the secondary server.
- secondary
Server String - {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secret String
- Pre-shared secret key used to access the primary RADIUS server.
- server String
- Primary RADIUS server CN domain name or IP address.
- server
Identity StringCheck - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values:
enable
,disable
. - source
Ip String - Source IP address for communications to the RADIUS server.
- sso
Attribute String - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values:
User-Name
,NAS-IP-Address
,Framed-IP-Address
,Framed-IP-Netmask
,Filter-Id
,Login-IP-Host
,Reply-Message
,Callback-Number
,Callback-Id
,Framed-Route
,Framed-IPX-Network
,Class
,Called-Station-Id
,Calling-Station-Id
,NAS-Identifier
,Proxy-State
,Login-LAT-Service
,Login-LAT-Node
,Login-LAT-Group
,Framed-AppleTalk-Zone
,Acct-Session-Id
,Acct-Multi-Session-Id
. - sso
Attribute StringKey - Key prefix for SSO group value in the SSO attribute.
- sso
Attribute StringValue Override - Enable/disable override old attribute value with new value for the same endpoint. Valid values:
enable
,disable
. - status
Ttl Number - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switch
Controller NumberAcct Fast Framedip Detect - Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- switch
Controller StringNas Ip Dynamic - Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values:
enable
,disable
. - switch
Controller StringService Type - RADIUS service type. Valid values:
login
,framed
,callback-login
,callback-framed
,outbound
,administrative
,nas-prompt
,authenticate-only
,callback-nas-prompt
,call-check
,callback-administrative
. - tertiary
Secret String - Secret key to access the tertiary server.
- tertiary
Server String - {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout Number
- Time in seconds between re-sending authentication requests.
- tls
Min StringProto Version - Minimum supported protocol version for TLS connections (default is to follow system global setting).
- transport
Protocol String - Transport protocol to be used (default = udp). Valid values:
udp
,tcp
,tls
. - use
Management StringVdom - Enable/disable using management VDOM to send requests. Valid values:
enable
,disable
. - username
Case StringSensitive - Enable/disable case sensitive user names. Valid values:
enable
,disable
. - vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
Supporting Types
RadiusAccountingServer, RadiusAccountingServerArgs
- Id int
- ID (0 - 4294967295).
- Interface string
- Specify outgoing interface to reach server.
- Interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - Port int
- RADIUS accounting port number.
- Secret string
- Secret key.
- Server string
- {<name_str|ip_str>} Server CN domain name or IP.
- Source
Ip string - Source IP address for communications to the RADIUS server.
- Status string
- Status. Valid values:
enable
,disable
.
- Id int
- ID (0 - 4294967295).
- Interface string
- Specify outgoing interface to reach server.
- Interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - Port int
- RADIUS accounting port number.
- Secret string
- Secret key.
- Server string
- {<name_str|ip_str>} Server CN domain name or IP.
- Source
Ip string - Source IP address for communications to the RADIUS server.
- Status string
- Status. Valid values:
enable
,disable
.
- id Integer
- ID (0 - 4294967295).
- interface
Select StringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - interface_ String
- Specify outgoing interface to reach server.
- port Integer
- RADIUS accounting port number.
- secret String
- Secret key.
- server String
- {<name_str|ip_str>} Server CN domain name or IP.
- source
Ip String - Source IP address for communications to the RADIUS server.
- status String
- Status. Valid values:
enable
,disable
.
- id number
- ID (0 - 4294967295).
- interface string
- Specify outgoing interface to reach server.
- interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - port number
- RADIUS accounting port number.
- secret string
- Secret key.
- server string
- {<name_str|ip_str>} Server CN domain name or IP.
- source
Ip string - Source IP address for communications to the RADIUS server.
- status string
- Status. Valid values:
enable
,disable
.
- id int
- ID (0 - 4294967295).
- interface str
- Specify outgoing interface to reach server.
- interface_
select_ strmethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - port int
- RADIUS accounting port number.
- secret str
- Secret key.
- server str
- {<name_str|ip_str>} Server CN domain name or IP.
- source_
ip str - Source IP address for communications to the RADIUS server.
- status str
- Status. Valid values:
enable
,disable
.
- id Number
- ID (0 - 4294967295).
- interface String
- Specify outgoing interface to reach server.
- interface
Select StringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - port Number
- RADIUS accounting port number.
- secret String
- Secret key.
- server String
- {<name_str|ip_str>} Server CN domain name or IP.
- source
Ip String - Source IP address for communications to the RADIUS server.
- status String
- Status. Valid values:
enable
,disable
.
RadiusClass, RadiusClassArgs
- Name string
- Class name.
- Name string
- Class name.
- name String
- Class name.
- name string
- Class name.
- name str
- Class name.
- name String
- Class name.
Import
User Radius can be imported using any of these accepted formats:
$ pulumi import fortios:user/radius:Radius labelname {{name}}
If you do not want to import arguments of block:
$ export “FORTIOS_IMPORT_TABLE”=“false”
$ pulumi import fortios:user/radius:Radius labelname {{name}}
$ unset “FORTIOS_IMPORT_TABLE”
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortios pulumiverse/pulumi-fortios
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
fortios
Terraform Provider.