1. Packages
  2. Fortios
  3. API Docs
  4. user
  5. Radius
Fortios v0.0.5 published on Tuesday, Apr 9, 2024 by pulumiverse

fortios.user.Radius

Explore with Pulumi AI

fortios logo
Fortios v0.0.5 published on Tuesday, Apr 9, 2024 by pulumiverse

    Configure RADIUS server entries.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as fortios from "@pulumiverse/fortios";
    
    const trname = new fortios.user.Radius("trname", {
        acctAllServers: "disable",
        allUsergroup: "disable",
        authType: "auto",
        h3cCompatibility: "disable",
        nasIp: "0.0.0.0",
        passwordEncoding: "auto",
        passwordRenewal: "disable",
        radiusCoa: "disable",
        radiusPort: 0,
        rsso: "disable",
        rssoContextTimeout: 28800,
        rssoEndpointAttribute: "Calling-Station-Id",
        rssoEpOneIpOnly: "disable",
        rssoFlushIpSession: "disable",
        rssoLogFlags: "protocol-error profile-missing accounting-stop-missed accounting-event endpoint-block radiusd-other",
        rssoLogPeriod: 0,
        rssoRadiusResponse: "disable",
        rssoRadiusServerPort: 1813,
        rssoValidateRequestSecret: "disable",
        secret: "FDaaewjkeiw32",
        server: "1.1.1.1",
        ssoAttribute: "Class",
        ssoAttributeValueOverride: "enable",
        timeout: 5,
        useManagementVdom: "disable",
        usernameCaseSensitive: "disable",
    });
    
    import pulumi
    import pulumiverse_fortios as fortios
    
    trname = fortios.user.Radius("trname",
        acct_all_servers="disable",
        all_usergroup="disable",
        auth_type="auto",
        h3c_compatibility="disable",
        nas_ip="0.0.0.0",
        password_encoding="auto",
        password_renewal="disable",
        radius_coa="disable",
        radius_port=0,
        rsso="disable",
        rsso_context_timeout=28800,
        rsso_endpoint_attribute="Calling-Station-Id",
        rsso_ep_one_ip_only="disable",
        rsso_flush_ip_session="disable",
        rsso_log_flags="protocol-error profile-missing accounting-stop-missed accounting-event endpoint-block radiusd-other",
        rsso_log_period=0,
        rsso_radius_response="disable",
        rsso_radius_server_port=1813,
        rsso_validate_request_secret="disable",
        secret="FDaaewjkeiw32",
        server="1.1.1.1",
        sso_attribute="Class",
        sso_attribute_value_override="enable",
        timeout=5,
        use_management_vdom="disable",
        username_case_sensitive="disable")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/user"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := user.NewRadius(ctx, "trname", &user.RadiusArgs{
    			AcctAllServers:            pulumi.String("disable"),
    			AllUsergroup:              pulumi.String("disable"),
    			AuthType:                  pulumi.String("auto"),
    			H3cCompatibility:          pulumi.String("disable"),
    			NasIp:                     pulumi.String("0.0.0.0"),
    			PasswordEncoding:          pulumi.String("auto"),
    			PasswordRenewal:           pulumi.String("disable"),
    			RadiusCoa:                 pulumi.String("disable"),
    			RadiusPort:                pulumi.Int(0),
    			Rsso:                      pulumi.String("disable"),
    			RssoContextTimeout:        pulumi.Int(28800),
    			RssoEndpointAttribute:     pulumi.String("Calling-Station-Id"),
    			RssoEpOneIpOnly:           pulumi.String("disable"),
    			RssoFlushIpSession:        pulumi.String("disable"),
    			RssoLogFlags:              pulumi.String("protocol-error profile-missing accounting-stop-missed accounting-event endpoint-block radiusd-other"),
    			RssoLogPeriod:             pulumi.Int(0),
    			RssoRadiusResponse:        pulumi.String("disable"),
    			RssoRadiusServerPort:      pulumi.Int(1813),
    			RssoValidateRequestSecret: pulumi.String("disable"),
    			Secret:                    pulumi.String("FDaaewjkeiw32"),
    			Server:                    pulumi.String("1.1.1.1"),
    			SsoAttribute:              pulumi.String("Class"),
    			SsoAttributeValueOverride: pulumi.String("enable"),
    			Timeout:                   pulumi.Int(5),
    			UseManagementVdom:         pulumi.String("disable"),
    			UsernameCaseSensitive:     pulumi.String("disable"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Fortios = Pulumiverse.Fortios;
    
    return await Deployment.RunAsync(() => 
    {
        var trname = new Fortios.User.Radius("trname", new()
        {
            AcctAllServers = "disable",
            AllUsergroup = "disable",
            AuthType = "auto",
            H3cCompatibility = "disable",
            NasIp = "0.0.0.0",
            PasswordEncoding = "auto",
            PasswordRenewal = "disable",
            RadiusCoa = "disable",
            RadiusPort = 0,
            Rsso = "disable",
            RssoContextTimeout = 28800,
            RssoEndpointAttribute = "Calling-Station-Id",
            RssoEpOneIpOnly = "disable",
            RssoFlushIpSession = "disable",
            RssoLogFlags = "protocol-error profile-missing accounting-stop-missed accounting-event endpoint-block radiusd-other",
            RssoLogPeriod = 0,
            RssoRadiusResponse = "disable",
            RssoRadiusServerPort = 1813,
            RssoValidateRequestSecret = "disable",
            Secret = "FDaaewjkeiw32",
            Server = "1.1.1.1",
            SsoAttribute = "Class",
            SsoAttributeValueOverride = "enable",
            Timeout = 5,
            UseManagementVdom = "disable",
            UsernameCaseSensitive = "disable",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.fortios.user.Radius;
    import com.pulumi.fortios.user.RadiusArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var trname = new Radius("trname", RadiusArgs.builder()        
                .acctAllServers("disable")
                .allUsergroup("disable")
                .authType("auto")
                .h3cCompatibility("disable")
                .nasIp("0.0.0.0")
                .passwordEncoding("auto")
                .passwordRenewal("disable")
                .radiusCoa("disable")
                .radiusPort(0)
                .rsso("disable")
                .rssoContextTimeout(28800)
                .rssoEndpointAttribute("Calling-Station-Id")
                .rssoEpOneIpOnly("disable")
                .rssoFlushIpSession("disable")
                .rssoLogFlags("protocol-error profile-missing accounting-stop-missed accounting-event endpoint-block radiusd-other")
                .rssoLogPeriod(0)
                .rssoRadiusResponse("disable")
                .rssoRadiusServerPort(1813)
                .rssoValidateRequestSecret("disable")
                .secret("FDaaewjkeiw32")
                .server("1.1.1.1")
                .ssoAttribute("Class")
                .ssoAttributeValueOverride("enable")
                .timeout(5)
                .useManagementVdom("disable")
                .usernameCaseSensitive("disable")
                .build());
    
        }
    }
    
    resources:
      trname:
        type: fortios:user:Radius
        properties:
          acctAllServers: disable
          allUsergroup: disable
          authType: auto
          h3cCompatibility: disable
          nasIp: 0.0.0.0
          passwordEncoding: auto
          passwordRenewal: disable
          radiusCoa: disable
          radiusPort: 0
          rsso: disable
          rssoContextTimeout: 28800
          rssoEndpointAttribute: Calling-Station-Id
          rssoEpOneIpOnly: disable
          rssoFlushIpSession: disable
          rssoLogFlags: protocol-error profile-missing accounting-stop-missed accounting-event endpoint-block radiusd-other
          rssoLogPeriod: 0
          rssoRadiusResponse: disable
          rssoRadiusServerPort: 1813
          rssoValidateRequestSecret: disable
          secret: FDaaewjkeiw32
          server: 1.1.1.1
          ssoAttribute: Class
          ssoAttributeValueOverride: enable
          timeout: 5
          useManagementVdom: disable
          usernameCaseSensitive: disable
    

    Create Radius Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Radius(name: string, args?: RadiusArgs, opts?: CustomResourceOptions);
    @overload
    def Radius(resource_name: str,
               args: Optional[RadiusArgs] = None,
               opts: Optional[ResourceOptions] = None)
    
    @overload
    def Radius(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               account_key_cert_field: Optional[str] = None,
               account_key_processing: Optional[str] = None,
               accounting_servers: Optional[Sequence[RadiusAccountingServerArgs]] = None,
               acct_all_servers: Optional[str] = None,
               acct_interim_interval: Optional[int] = None,
               all_usergroup: Optional[str] = None,
               auth_type: Optional[str] = None,
               ca_cert: Optional[str] = None,
               call_station_id_type: Optional[str] = None,
               classes: Optional[Sequence[RadiusClassArgs]] = None,
               client_cert: Optional[str] = None,
               delimiter: Optional[str] = None,
               dynamic_sort_subtable: Optional[str] = None,
               get_all_tables: Optional[str] = None,
               group_override_attr_type: Optional[str] = None,
               h3c_compatibility: Optional[str] = None,
               interface: Optional[str] = None,
               interface_select_method: Optional[str] = None,
               mac_case: Optional[str] = None,
               mac_password_delimiter: Optional[str] = None,
               mac_username_delimiter: Optional[str] = None,
               name: Optional[str] = None,
               nas_id: Optional[str] = None,
               nas_id_type: Optional[str] = None,
               nas_ip: Optional[str] = None,
               password_encoding: Optional[str] = None,
               password_renewal: Optional[str] = None,
               radius_coa: Optional[str] = None,
               radius_port: Optional[int] = None,
               rsso: Optional[str] = None,
               rsso_context_timeout: Optional[int] = None,
               rsso_endpoint_attribute: Optional[str] = None,
               rsso_endpoint_block_attribute: Optional[str] = None,
               rsso_ep_one_ip_only: Optional[str] = None,
               rsso_flush_ip_session: Optional[str] = None,
               rsso_log_flags: Optional[str] = None,
               rsso_log_period: Optional[int] = None,
               rsso_radius_response: Optional[str] = None,
               rsso_radius_server_port: Optional[int] = None,
               rsso_secret: Optional[str] = None,
               rsso_validate_request_secret: Optional[str] = None,
               secondary_secret: Optional[str] = None,
               secondary_server: Optional[str] = None,
               secret: Optional[str] = None,
               server: Optional[str] = None,
               server_identity_check: Optional[str] = None,
               source_ip: Optional[str] = None,
               sso_attribute: Optional[str] = None,
               sso_attribute_key: Optional[str] = None,
               sso_attribute_value_override: Optional[str] = None,
               status_ttl: Optional[int] = None,
               switch_controller_acct_fast_framedip_detect: Optional[int] = None,
               switch_controller_nas_ip_dynamic: Optional[str] = None,
               switch_controller_service_type: Optional[str] = None,
               tertiary_secret: Optional[str] = None,
               tertiary_server: Optional[str] = None,
               timeout: Optional[int] = None,
               tls_min_proto_version: Optional[str] = None,
               transport_protocol: Optional[str] = None,
               use_management_vdom: Optional[str] = None,
               username_case_sensitive: Optional[str] = None,
               vdomparam: Optional[str] = None)
    func NewRadius(ctx *Context, name string, args *RadiusArgs, opts ...ResourceOption) (*Radius, error)
    public Radius(string name, RadiusArgs? args = null, CustomResourceOptions? opts = null)
    public Radius(String name, RadiusArgs args)
    public Radius(String name, RadiusArgs args, CustomResourceOptions options)
    
    type: fortios:user:Radius
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args RadiusArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args RadiusArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args RadiusArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args RadiusArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args RadiusArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var radiusResource = new Fortios.User.Radius("radiusResource", new()
    {
        AccountKeyCertField = "string",
        AccountKeyProcessing = "string",
        AccountingServers = new[]
        {
            new Fortios.User.Inputs.RadiusAccountingServerArgs
            {
                Id = 0,
                Interface = "string",
                InterfaceSelectMethod = "string",
                Port = 0,
                Secret = "string",
                Server = "string",
                SourceIp = "string",
                Status = "string",
            },
        },
        AcctAllServers = "string",
        AcctInterimInterval = 0,
        AllUsergroup = "string",
        AuthType = "string",
        CaCert = "string",
        CallStationIdType = "string",
        Classes = new[]
        {
            new Fortios.User.Inputs.RadiusClassArgs
            {
                Name = "string",
            },
        },
        ClientCert = "string",
        Delimiter = "string",
        DynamicSortSubtable = "string",
        GetAllTables = "string",
        GroupOverrideAttrType = "string",
        H3cCompatibility = "string",
        Interface = "string",
        InterfaceSelectMethod = "string",
        MacCase = "string",
        MacPasswordDelimiter = "string",
        MacUsernameDelimiter = "string",
        Name = "string",
        NasId = "string",
        NasIdType = "string",
        NasIp = "string",
        PasswordEncoding = "string",
        PasswordRenewal = "string",
        RadiusCoa = "string",
        RadiusPort = 0,
        Rsso = "string",
        RssoContextTimeout = 0,
        RssoEndpointAttribute = "string",
        RssoEndpointBlockAttribute = "string",
        RssoEpOneIpOnly = "string",
        RssoFlushIpSession = "string",
        RssoLogFlags = "string",
        RssoLogPeriod = 0,
        RssoRadiusResponse = "string",
        RssoRadiusServerPort = 0,
        RssoSecret = "string",
        RssoValidateRequestSecret = "string",
        SecondarySecret = "string",
        SecondaryServer = "string",
        Secret = "string",
        Server = "string",
        ServerIdentityCheck = "string",
        SourceIp = "string",
        SsoAttribute = "string",
        SsoAttributeKey = "string",
        SsoAttributeValueOverride = "string",
        StatusTtl = 0,
        SwitchControllerAcctFastFramedipDetect = 0,
        SwitchControllerNasIpDynamic = "string",
        SwitchControllerServiceType = "string",
        TertiarySecret = "string",
        TertiaryServer = "string",
        Timeout = 0,
        TlsMinProtoVersion = "string",
        TransportProtocol = "string",
        UseManagementVdom = "string",
        UsernameCaseSensitive = "string",
        Vdomparam = "string",
    });
    
    example, err := user.NewRadius(ctx, "radiusResource", &user.RadiusArgs{
    	AccountKeyCertField:  pulumi.String("string"),
    	AccountKeyProcessing: pulumi.String("string"),
    	AccountingServers: user.RadiusAccountingServerArray{
    		&user.RadiusAccountingServerArgs{
    			Id:                    pulumi.Int(0),
    			Interface:             pulumi.String("string"),
    			InterfaceSelectMethod: pulumi.String("string"),
    			Port:                  pulumi.Int(0),
    			Secret:                pulumi.String("string"),
    			Server:                pulumi.String("string"),
    			SourceIp:              pulumi.String("string"),
    			Status:                pulumi.String("string"),
    		},
    	},
    	AcctAllServers:      pulumi.String("string"),
    	AcctInterimInterval: pulumi.Int(0),
    	AllUsergroup:        pulumi.String("string"),
    	AuthType:            pulumi.String("string"),
    	CaCert:              pulumi.String("string"),
    	CallStationIdType:   pulumi.String("string"),
    	Classes: user.RadiusClassArray{
    		&user.RadiusClassArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	ClientCert:                             pulumi.String("string"),
    	Delimiter:                              pulumi.String("string"),
    	DynamicSortSubtable:                    pulumi.String("string"),
    	GetAllTables:                           pulumi.String("string"),
    	GroupOverrideAttrType:                  pulumi.String("string"),
    	H3cCompatibility:                       pulumi.String("string"),
    	Interface:                              pulumi.String("string"),
    	InterfaceSelectMethod:                  pulumi.String("string"),
    	MacCase:                                pulumi.String("string"),
    	MacPasswordDelimiter:                   pulumi.String("string"),
    	MacUsernameDelimiter:                   pulumi.String("string"),
    	Name:                                   pulumi.String("string"),
    	NasId:                                  pulumi.String("string"),
    	NasIdType:                              pulumi.String("string"),
    	NasIp:                                  pulumi.String("string"),
    	PasswordEncoding:                       pulumi.String("string"),
    	PasswordRenewal:                        pulumi.String("string"),
    	RadiusCoa:                              pulumi.String("string"),
    	RadiusPort:                             pulumi.Int(0),
    	Rsso:                                   pulumi.String("string"),
    	RssoContextTimeout:                     pulumi.Int(0),
    	RssoEndpointAttribute:                  pulumi.String("string"),
    	RssoEndpointBlockAttribute:             pulumi.String("string"),
    	RssoEpOneIpOnly:                        pulumi.String("string"),
    	RssoFlushIpSession:                     pulumi.String("string"),
    	RssoLogFlags:                           pulumi.String("string"),
    	RssoLogPeriod:                          pulumi.Int(0),
    	RssoRadiusResponse:                     pulumi.String("string"),
    	RssoRadiusServerPort:                   pulumi.Int(0),
    	RssoSecret:                             pulumi.String("string"),
    	RssoValidateRequestSecret:              pulumi.String("string"),
    	SecondarySecret:                        pulumi.String("string"),
    	SecondaryServer:                        pulumi.String("string"),
    	Secret:                                 pulumi.String("string"),
    	Server:                                 pulumi.String("string"),
    	ServerIdentityCheck:                    pulumi.String("string"),
    	SourceIp:                               pulumi.String("string"),
    	SsoAttribute:                           pulumi.String("string"),
    	SsoAttributeKey:                        pulumi.String("string"),
    	SsoAttributeValueOverride:              pulumi.String("string"),
    	StatusTtl:                              pulumi.Int(0),
    	SwitchControllerAcctFastFramedipDetect: pulumi.Int(0),
    	SwitchControllerNasIpDynamic:           pulumi.String("string"),
    	SwitchControllerServiceType:            pulumi.String("string"),
    	TertiarySecret:                         pulumi.String("string"),
    	TertiaryServer:                         pulumi.String("string"),
    	Timeout:                                pulumi.Int(0),
    	TlsMinProtoVersion:                     pulumi.String("string"),
    	TransportProtocol:                      pulumi.String("string"),
    	UseManagementVdom:                      pulumi.String("string"),
    	UsernameCaseSensitive:                  pulumi.String("string"),
    	Vdomparam:                              pulumi.String("string"),
    })
    
    var radiusResource = new Radius("radiusResource", RadiusArgs.builder()
        .accountKeyCertField("string")
        .accountKeyProcessing("string")
        .accountingServers(RadiusAccountingServerArgs.builder()
            .id(0)
            .interface_("string")
            .interfaceSelectMethod("string")
            .port(0)
            .secret("string")
            .server("string")
            .sourceIp("string")
            .status("string")
            .build())
        .acctAllServers("string")
        .acctInterimInterval(0)
        .allUsergroup("string")
        .authType("string")
        .caCert("string")
        .callStationIdType("string")
        .classes(RadiusClassArgs.builder()
            .name("string")
            .build())
        .clientCert("string")
        .delimiter("string")
        .dynamicSortSubtable("string")
        .getAllTables("string")
        .groupOverrideAttrType("string")
        .h3cCompatibility("string")
        .interface_("string")
        .interfaceSelectMethod("string")
        .macCase("string")
        .macPasswordDelimiter("string")
        .macUsernameDelimiter("string")
        .name("string")
        .nasId("string")
        .nasIdType("string")
        .nasIp("string")
        .passwordEncoding("string")
        .passwordRenewal("string")
        .radiusCoa("string")
        .radiusPort(0)
        .rsso("string")
        .rssoContextTimeout(0)
        .rssoEndpointAttribute("string")
        .rssoEndpointBlockAttribute("string")
        .rssoEpOneIpOnly("string")
        .rssoFlushIpSession("string")
        .rssoLogFlags("string")
        .rssoLogPeriod(0)
        .rssoRadiusResponse("string")
        .rssoRadiusServerPort(0)
        .rssoSecret("string")
        .rssoValidateRequestSecret("string")
        .secondarySecret("string")
        .secondaryServer("string")
        .secret("string")
        .server("string")
        .serverIdentityCheck("string")
        .sourceIp("string")
        .ssoAttribute("string")
        .ssoAttributeKey("string")
        .ssoAttributeValueOverride("string")
        .statusTtl(0)
        .switchControllerAcctFastFramedipDetect(0)
        .switchControllerNasIpDynamic("string")
        .switchControllerServiceType("string")
        .tertiarySecret("string")
        .tertiaryServer("string")
        .timeout(0)
        .tlsMinProtoVersion("string")
        .transportProtocol("string")
        .useManagementVdom("string")
        .usernameCaseSensitive("string")
        .vdomparam("string")
        .build());
    
    radius_resource = fortios.user.Radius("radiusResource",
        account_key_cert_field="string",
        account_key_processing="string",
        accounting_servers=[fortios.user.RadiusAccountingServerArgs(
            id=0,
            interface="string",
            interface_select_method="string",
            port=0,
            secret="string",
            server="string",
            source_ip="string",
            status="string",
        )],
        acct_all_servers="string",
        acct_interim_interval=0,
        all_usergroup="string",
        auth_type="string",
        ca_cert="string",
        call_station_id_type="string",
        classes=[fortios.user.RadiusClassArgs(
            name="string",
        )],
        client_cert="string",
        delimiter="string",
        dynamic_sort_subtable="string",
        get_all_tables="string",
        group_override_attr_type="string",
        h3c_compatibility="string",
        interface="string",
        interface_select_method="string",
        mac_case="string",
        mac_password_delimiter="string",
        mac_username_delimiter="string",
        name="string",
        nas_id="string",
        nas_id_type="string",
        nas_ip="string",
        password_encoding="string",
        password_renewal="string",
        radius_coa="string",
        radius_port=0,
        rsso="string",
        rsso_context_timeout=0,
        rsso_endpoint_attribute="string",
        rsso_endpoint_block_attribute="string",
        rsso_ep_one_ip_only="string",
        rsso_flush_ip_session="string",
        rsso_log_flags="string",
        rsso_log_period=0,
        rsso_radius_response="string",
        rsso_radius_server_port=0,
        rsso_secret="string",
        rsso_validate_request_secret="string",
        secondary_secret="string",
        secondary_server="string",
        secret="string",
        server="string",
        server_identity_check="string",
        source_ip="string",
        sso_attribute="string",
        sso_attribute_key="string",
        sso_attribute_value_override="string",
        status_ttl=0,
        switch_controller_acct_fast_framedip_detect=0,
        switch_controller_nas_ip_dynamic="string",
        switch_controller_service_type="string",
        tertiary_secret="string",
        tertiary_server="string",
        timeout=0,
        tls_min_proto_version="string",
        transport_protocol="string",
        use_management_vdom="string",
        username_case_sensitive="string",
        vdomparam="string")
    
    const radiusResource = new fortios.user.Radius("radiusResource", {
        accountKeyCertField: "string",
        accountKeyProcessing: "string",
        accountingServers: [{
            id: 0,
            "interface": "string",
            interfaceSelectMethod: "string",
            port: 0,
            secret: "string",
            server: "string",
            sourceIp: "string",
            status: "string",
        }],
        acctAllServers: "string",
        acctInterimInterval: 0,
        allUsergroup: "string",
        authType: "string",
        caCert: "string",
        callStationIdType: "string",
        classes: [{
            name: "string",
        }],
        clientCert: "string",
        delimiter: "string",
        dynamicSortSubtable: "string",
        getAllTables: "string",
        groupOverrideAttrType: "string",
        h3cCompatibility: "string",
        "interface": "string",
        interfaceSelectMethod: "string",
        macCase: "string",
        macPasswordDelimiter: "string",
        macUsernameDelimiter: "string",
        name: "string",
        nasId: "string",
        nasIdType: "string",
        nasIp: "string",
        passwordEncoding: "string",
        passwordRenewal: "string",
        radiusCoa: "string",
        radiusPort: 0,
        rsso: "string",
        rssoContextTimeout: 0,
        rssoEndpointAttribute: "string",
        rssoEndpointBlockAttribute: "string",
        rssoEpOneIpOnly: "string",
        rssoFlushIpSession: "string",
        rssoLogFlags: "string",
        rssoLogPeriod: 0,
        rssoRadiusResponse: "string",
        rssoRadiusServerPort: 0,
        rssoSecret: "string",
        rssoValidateRequestSecret: "string",
        secondarySecret: "string",
        secondaryServer: "string",
        secret: "string",
        server: "string",
        serverIdentityCheck: "string",
        sourceIp: "string",
        ssoAttribute: "string",
        ssoAttributeKey: "string",
        ssoAttributeValueOverride: "string",
        statusTtl: 0,
        switchControllerAcctFastFramedipDetect: 0,
        switchControllerNasIpDynamic: "string",
        switchControllerServiceType: "string",
        tertiarySecret: "string",
        tertiaryServer: "string",
        timeout: 0,
        tlsMinProtoVersion: "string",
        transportProtocol: "string",
        useManagementVdom: "string",
        usernameCaseSensitive: "string",
        vdomparam: "string",
    });
    
    type: fortios:user:Radius
    properties:
        accountKeyCertField: string
        accountKeyProcessing: string
        accountingServers:
            - id: 0
              interface: string
              interfaceSelectMethod: string
              port: 0
              secret: string
              server: string
              sourceIp: string
              status: string
        acctAllServers: string
        acctInterimInterval: 0
        allUsergroup: string
        authType: string
        caCert: string
        callStationIdType: string
        classes:
            - name: string
        clientCert: string
        delimiter: string
        dynamicSortSubtable: string
        getAllTables: string
        groupOverrideAttrType: string
        h3cCompatibility: string
        interface: string
        interfaceSelectMethod: string
        macCase: string
        macPasswordDelimiter: string
        macUsernameDelimiter: string
        name: string
        nasId: string
        nasIdType: string
        nasIp: string
        passwordEncoding: string
        passwordRenewal: string
        radiusCoa: string
        radiusPort: 0
        rsso: string
        rssoContextTimeout: 0
        rssoEndpointAttribute: string
        rssoEndpointBlockAttribute: string
        rssoEpOneIpOnly: string
        rssoFlushIpSession: string
        rssoLogFlags: string
        rssoLogPeriod: 0
        rssoRadiusResponse: string
        rssoRadiusServerPort: 0
        rssoSecret: string
        rssoValidateRequestSecret: string
        secondarySecret: string
        secondaryServer: string
        secret: string
        server: string
        serverIdentityCheck: string
        sourceIp: string
        ssoAttribute: string
        ssoAttributeKey: string
        ssoAttributeValueOverride: string
        statusTtl: 0
        switchControllerAcctFastFramedipDetect: 0
        switchControllerNasIpDynamic: string
        switchControllerServiceType: string
        tertiarySecret: string
        tertiaryServer: string
        timeout: 0
        tlsMinProtoVersion: string
        transportProtocol: string
        useManagementVdom: string
        usernameCaseSensitive: string
        vdomparam: string
    

    Radius Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Radius resource accepts the following input properties:

    AccountKeyCertField string
    Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
    AccountKeyProcessing string
    Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same, strip.
    AccountingServers List<Pulumiverse.Fortios.User.Inputs.RadiusAccountingServer>
    Additional accounting servers. The structure of accounting_server block is documented below.
    AcctAllServers string
    Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: enable, disable.
    AcctInterimInterval int
    Time in seconds between each accounting interim update message.
    AllUsergroup string
    Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable, enable.
    AuthType string
    Authentication methods/protocols permitted for this RADIUS server. Valid values: auto, ms_chap_v2, ms_chap, chap, pap.
    CaCert string
    CA of server to trust under TLS.
    CallStationIdType string
    Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy, IP, MAC.
    Classes List<Pulumiverse.Fortios.User.Inputs.RadiusClass>
    Class attribute name(s). The structure of class block is documented below.
    ClientCert string
    Client certificate to use under TLS.
    Delimiter string
    Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values: plus, comma.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    GroupOverrideAttrType string
    RADIUS attribute type to override user group information. Valid values: filter-Id, class.
    H3cCompatibility string
    Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: enable, disable.
    Interface string
    Specify outgoing interface to reach server.
    InterfaceSelectMethod string
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    MacCase string
    MAC authentication case (default = lowercase). Valid values: uppercase, lowercase.
    MacPasswordDelimiter string
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacUsernameDelimiter string
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    Name string
    RADIUS server entry name.
    NasId string
    Custom NAS identifier.
    NasIdType string
    NAS identifier type configuration (default = legacy). Valid values: legacy, custom, hostname.
    NasIp string
    IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
    PasswordEncoding string
    Password encoding. Valid values: auto, ISO-8859-1.
    PasswordRenewal string
    Enable/disable password renewal. Valid values: enable, disable.
    RadiusCoa string
    Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: enable, disable.
    RadiusPort int
    RADIUS service port number.
    Rsso string
    Enable/disable RADIUS based single sign on feature. Valid values: enable, disable.
    RssoContextTimeout int
    Time in seconds before the logged out user is removed from the "user context list" of logged on users.
    RssoEndpointAttribute string
    RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    RssoEndpointBlockAttribute string
    RADIUS attributes used to block a user. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    RssoEpOneIpOnly string
    Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: enable, disable.
    RssoFlushIpSession string
    Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: enable, disable.
    RssoLogFlags string
    Events to log. Valid values: protocol-error, profile-missing, accounting-stop-missed, accounting-event, endpoint-block, radiusd-other, none.
    RssoLogPeriod int
    Time interval in seconds that group event log messages will be generated for dynamic profile events.
    RssoRadiusResponse string
    Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: enable, disable.
    RssoRadiusServerPort int
    UDP port to listen on for RADIUS Start and Stop records.
    RssoSecret string
    RADIUS secret used by the RADIUS accounting server.
    RssoValidateRequestSecret string
    Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: enable, disable.
    SecondarySecret string
    Secret key to access the secondary server.
    SecondaryServer string
    {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
    Secret string
    Pre-shared secret key used to access the primary RADIUS server.
    Server string
    Primary RADIUS server CN domain name or IP address.
    ServerIdentityCheck string
    Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: enable, disable.
    SourceIp string
    Source IP address for communications to the RADIUS server.
    SsoAttribute string
    RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    SsoAttributeKey string
    Key prefix for SSO group value in the SSO attribute.
    SsoAttributeValueOverride string
    Enable/disable override old attribute value with new value for the same endpoint. Valid values: enable, disable.
    StatusTtl int
    Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
    SwitchControllerAcctFastFramedipDetect int
    Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
    SwitchControllerNasIpDynamic string
    Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: enable, disable.
    SwitchControllerServiceType string
    RADIUS service type. Valid values: login, framed, callback-login, callback-framed, outbound, administrative, nas-prompt, authenticate-only, callback-nas-prompt, call-check, callback-administrative.
    TertiarySecret string
    Secret key to access the tertiary server.
    TertiaryServer string
    {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
    Timeout int
    Time in seconds between re-sending authentication requests.
    TlsMinProtoVersion string
    Minimum supported protocol version for TLS connections (default is to follow system global setting).
    TransportProtocol string
    Transport protocol to be used (default = udp). Valid values: udp, tcp, tls.
    UseManagementVdom string
    Enable/disable using management VDOM to send requests. Valid values: enable, disable.
    UsernameCaseSensitive string
    Enable/disable case sensitive user names. Valid values: enable, disable.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    AccountKeyCertField string
    Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
    AccountKeyProcessing string
    Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same, strip.
    AccountingServers []RadiusAccountingServerArgs
    Additional accounting servers. The structure of accounting_server block is documented below.
    AcctAllServers string
    Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: enable, disable.
    AcctInterimInterval int
    Time in seconds between each accounting interim update message.
    AllUsergroup string
    Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable, enable.
    AuthType string
    Authentication methods/protocols permitted for this RADIUS server. Valid values: auto, ms_chap_v2, ms_chap, chap, pap.
    CaCert string
    CA of server to trust under TLS.
    CallStationIdType string
    Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy, IP, MAC.
    Classes []RadiusClassArgs
    Class attribute name(s). The structure of class block is documented below.
    ClientCert string
    Client certificate to use under TLS.
    Delimiter string
    Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values: plus, comma.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    GroupOverrideAttrType string
    RADIUS attribute type to override user group information. Valid values: filter-Id, class.
    H3cCompatibility string
    Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: enable, disable.
    Interface string
    Specify outgoing interface to reach server.
    InterfaceSelectMethod string
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    MacCase string
    MAC authentication case (default = lowercase). Valid values: uppercase, lowercase.
    MacPasswordDelimiter string
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacUsernameDelimiter string
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    Name string
    RADIUS server entry name.
    NasId string
    Custom NAS identifier.
    NasIdType string
    NAS identifier type configuration (default = legacy). Valid values: legacy, custom, hostname.
    NasIp string
    IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
    PasswordEncoding string
    Password encoding. Valid values: auto, ISO-8859-1.
    PasswordRenewal string
    Enable/disable password renewal. Valid values: enable, disable.
    RadiusCoa string
    Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: enable, disable.
    RadiusPort int
    RADIUS service port number.
    Rsso string
    Enable/disable RADIUS based single sign on feature. Valid values: enable, disable.
    RssoContextTimeout int
    Time in seconds before the logged out user is removed from the "user context list" of logged on users.
    RssoEndpointAttribute string
    RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    RssoEndpointBlockAttribute string
    RADIUS attributes used to block a user. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    RssoEpOneIpOnly string
    Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: enable, disable.
    RssoFlushIpSession string
    Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: enable, disable.
    RssoLogFlags string
    Events to log. Valid values: protocol-error, profile-missing, accounting-stop-missed, accounting-event, endpoint-block, radiusd-other, none.
    RssoLogPeriod int
    Time interval in seconds that group event log messages will be generated for dynamic profile events.
    RssoRadiusResponse string
    Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: enable, disable.
    RssoRadiusServerPort int
    UDP port to listen on for RADIUS Start and Stop records.
    RssoSecret string
    RADIUS secret used by the RADIUS accounting server.
    RssoValidateRequestSecret string
    Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: enable, disable.
    SecondarySecret string
    Secret key to access the secondary server.
    SecondaryServer string
    {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
    Secret string
    Pre-shared secret key used to access the primary RADIUS server.
    Server string
    Primary RADIUS server CN domain name or IP address.
    ServerIdentityCheck string
    Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: enable, disable.
    SourceIp string
    Source IP address for communications to the RADIUS server.
    SsoAttribute string
    RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    SsoAttributeKey string
    Key prefix for SSO group value in the SSO attribute.
    SsoAttributeValueOverride string
    Enable/disable override old attribute value with new value for the same endpoint. Valid values: enable, disable.
    StatusTtl int
    Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
    SwitchControllerAcctFastFramedipDetect int
    Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
    SwitchControllerNasIpDynamic string
    Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: enable, disable.
    SwitchControllerServiceType string
    RADIUS service type. Valid values: login, framed, callback-login, callback-framed, outbound, administrative, nas-prompt, authenticate-only, callback-nas-prompt, call-check, callback-administrative.
    TertiarySecret string
    Secret key to access the tertiary server.
    TertiaryServer string
    {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
    Timeout int
    Time in seconds between re-sending authentication requests.
    TlsMinProtoVersion string
    Minimum supported protocol version for TLS connections (default is to follow system global setting).
    TransportProtocol string
    Transport protocol to be used (default = udp). Valid values: udp, tcp, tls.
    UseManagementVdom string
    Enable/disable using management VDOM to send requests. Valid values: enable, disable.
    UsernameCaseSensitive string
    Enable/disable case sensitive user names. Valid values: enable, disable.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    accountKeyCertField String
    Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
    accountKeyProcessing String
    Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same, strip.
    accountingServers List<RadiusAccountingServer>
    Additional accounting servers. The structure of accounting_server block is documented below.
    acctAllServers String
    Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: enable, disable.
    acctInterimInterval Integer
    Time in seconds between each accounting interim update message.
    allUsergroup String
    Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable, enable.
    authType String
    Authentication methods/protocols permitted for this RADIUS server. Valid values: auto, ms_chap_v2, ms_chap, chap, pap.
    caCert String
    CA of server to trust under TLS.
    callStationIdType String
    Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy, IP, MAC.
    classes List<RadiusClass>
    Class attribute name(s). The structure of class block is documented below.
    clientCert String
    Client certificate to use under TLS.
    delimiter String
    Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values: plus, comma.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    groupOverrideAttrType String
    RADIUS attribute type to override user group information. Valid values: filter-Id, class.
    h3cCompatibility String
    Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: enable, disable.
    interfaceSelectMethod String
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    interface_ String
    Specify outgoing interface to reach server.
    macCase String
    MAC authentication case (default = lowercase). Valid values: uppercase, lowercase.
    macPasswordDelimiter String
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macUsernameDelimiter String
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    name String
    RADIUS server entry name.
    nasId String
    Custom NAS identifier.
    nasIdType String
    NAS identifier type configuration (default = legacy). Valid values: legacy, custom, hostname.
    nasIp String
    IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
    passwordEncoding String
    Password encoding. Valid values: auto, ISO-8859-1.
    passwordRenewal String
    Enable/disable password renewal. Valid values: enable, disable.
    radiusCoa String
    Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: enable, disable.
    radiusPort Integer
    RADIUS service port number.
    rsso String
    Enable/disable RADIUS based single sign on feature. Valid values: enable, disable.
    rssoContextTimeout Integer
    Time in seconds before the logged out user is removed from the "user context list" of logged on users.
    rssoEndpointAttribute String
    RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    rssoEndpointBlockAttribute String
    RADIUS attributes used to block a user. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    rssoEpOneIpOnly String
    Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: enable, disable.
    rssoFlushIpSession String
    Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: enable, disable.
    rssoLogFlags String
    Events to log. Valid values: protocol-error, profile-missing, accounting-stop-missed, accounting-event, endpoint-block, radiusd-other, none.
    rssoLogPeriod Integer
    Time interval in seconds that group event log messages will be generated for dynamic profile events.
    rssoRadiusResponse String
    Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: enable, disable.
    rssoRadiusServerPort Integer
    UDP port to listen on for RADIUS Start and Stop records.
    rssoSecret String
    RADIUS secret used by the RADIUS accounting server.
    rssoValidateRequestSecret String
    Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: enable, disable.
    secondarySecret String
    Secret key to access the secondary server.
    secondaryServer String
    {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
    secret String
    Pre-shared secret key used to access the primary RADIUS server.
    server String
    Primary RADIUS server CN domain name or IP address.
    serverIdentityCheck String
    Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: enable, disable.
    sourceIp String
    Source IP address for communications to the RADIUS server.
    ssoAttribute String
    RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    ssoAttributeKey String
    Key prefix for SSO group value in the SSO attribute.
    ssoAttributeValueOverride String
    Enable/disable override old attribute value with new value for the same endpoint. Valid values: enable, disable.
    statusTtl Integer
    Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
    switchControllerAcctFastFramedipDetect Integer
    Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
    switchControllerNasIpDynamic String
    Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: enable, disable.
    switchControllerServiceType String
    RADIUS service type. Valid values: login, framed, callback-login, callback-framed, outbound, administrative, nas-prompt, authenticate-only, callback-nas-prompt, call-check, callback-administrative.
    tertiarySecret String
    Secret key to access the tertiary server.
    tertiaryServer String
    {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
    timeout Integer
    Time in seconds between re-sending authentication requests.
    tlsMinProtoVersion String
    Minimum supported protocol version for TLS connections (default is to follow system global setting).
    transportProtocol String
    Transport protocol to be used (default = udp). Valid values: udp, tcp, tls.
    useManagementVdom String
    Enable/disable using management VDOM to send requests. Valid values: enable, disable.
    usernameCaseSensitive String
    Enable/disable case sensitive user names. Valid values: enable, disable.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    accountKeyCertField string
    Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
    accountKeyProcessing string
    Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same, strip.
    accountingServers RadiusAccountingServer[]
    Additional accounting servers. The structure of accounting_server block is documented below.
    acctAllServers string
    Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: enable, disable.
    acctInterimInterval number
    Time in seconds between each accounting interim update message.
    allUsergroup string
    Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable, enable.
    authType string
    Authentication methods/protocols permitted for this RADIUS server. Valid values: auto, ms_chap_v2, ms_chap, chap, pap.
    caCert string
    CA of server to trust under TLS.
    callStationIdType string
    Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy, IP, MAC.
    classes RadiusClass[]
    Class attribute name(s). The structure of class block is documented below.
    clientCert string
    Client certificate to use under TLS.
    delimiter string
    Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values: plus, comma.
    dynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    getAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    groupOverrideAttrType string
    RADIUS attribute type to override user group information. Valid values: filter-Id, class.
    h3cCompatibility string
    Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: enable, disable.
    interface string
    Specify outgoing interface to reach server.
    interfaceSelectMethod string
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    macCase string
    MAC authentication case (default = lowercase). Valid values: uppercase, lowercase.
    macPasswordDelimiter string
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macUsernameDelimiter string
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    name string
    RADIUS server entry name.
    nasId string
    Custom NAS identifier.
    nasIdType string
    NAS identifier type configuration (default = legacy). Valid values: legacy, custom, hostname.
    nasIp string
    IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
    passwordEncoding string
    Password encoding. Valid values: auto, ISO-8859-1.
    passwordRenewal string
    Enable/disable password renewal. Valid values: enable, disable.
    radiusCoa string
    Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: enable, disable.
    radiusPort number
    RADIUS service port number.
    rsso string
    Enable/disable RADIUS based single sign on feature. Valid values: enable, disable.
    rssoContextTimeout number
    Time in seconds before the logged out user is removed from the "user context list" of logged on users.
    rssoEndpointAttribute string
    RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    rssoEndpointBlockAttribute string
    RADIUS attributes used to block a user. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    rssoEpOneIpOnly string
    Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: enable, disable.
    rssoFlushIpSession string
    Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: enable, disable.
    rssoLogFlags string
    Events to log. Valid values: protocol-error, profile-missing, accounting-stop-missed, accounting-event, endpoint-block, radiusd-other, none.
    rssoLogPeriod number
    Time interval in seconds that group event log messages will be generated for dynamic profile events.
    rssoRadiusResponse string
    Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: enable, disable.
    rssoRadiusServerPort number
    UDP port to listen on for RADIUS Start and Stop records.
    rssoSecret string
    RADIUS secret used by the RADIUS accounting server.
    rssoValidateRequestSecret string
    Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: enable, disable.
    secondarySecret string
    Secret key to access the secondary server.
    secondaryServer string
    {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
    secret string
    Pre-shared secret key used to access the primary RADIUS server.
    server string
    Primary RADIUS server CN domain name or IP address.
    serverIdentityCheck string
    Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: enable, disable.
    sourceIp string
    Source IP address for communications to the RADIUS server.
    ssoAttribute string
    RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    ssoAttributeKey string
    Key prefix for SSO group value in the SSO attribute.
    ssoAttributeValueOverride string
    Enable/disable override old attribute value with new value for the same endpoint. Valid values: enable, disable.
    statusTtl number
    Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
    switchControllerAcctFastFramedipDetect number
    Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
    switchControllerNasIpDynamic string
    Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: enable, disable.
    switchControllerServiceType string
    RADIUS service type. Valid values: login, framed, callback-login, callback-framed, outbound, administrative, nas-prompt, authenticate-only, callback-nas-prompt, call-check, callback-administrative.
    tertiarySecret string
    Secret key to access the tertiary server.
    tertiaryServer string
    {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
    timeout number
    Time in seconds between re-sending authentication requests.
    tlsMinProtoVersion string
    Minimum supported protocol version for TLS connections (default is to follow system global setting).
    transportProtocol string
    Transport protocol to be used (default = udp). Valid values: udp, tcp, tls.
    useManagementVdom string
    Enable/disable using management VDOM to send requests. Valid values: enable, disable.
    usernameCaseSensitive string
    Enable/disable case sensitive user names. Valid values: enable, disable.
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    account_key_cert_field str
    Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
    account_key_processing str
    Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same, strip.
    accounting_servers Sequence[RadiusAccountingServerArgs]
    Additional accounting servers. The structure of accounting_server block is documented below.
    acct_all_servers str
    Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: enable, disable.
    acct_interim_interval int
    Time in seconds between each accounting interim update message.
    all_usergroup str
    Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable, enable.
    auth_type str
    Authentication methods/protocols permitted for this RADIUS server. Valid values: auto, ms_chap_v2, ms_chap, chap, pap.
    ca_cert str
    CA of server to trust under TLS.
    call_station_id_type str
    Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy, IP, MAC.
    classes Sequence[RadiusClassArgs]
    Class attribute name(s). The structure of class block is documented below.
    client_cert str
    Client certificate to use under TLS.
    delimiter str
    Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values: plus, comma.
    dynamic_sort_subtable str
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    get_all_tables str
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    group_override_attr_type str
    RADIUS attribute type to override user group information. Valid values: filter-Id, class.
    h3c_compatibility str
    Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: enable, disable.
    interface str
    Specify outgoing interface to reach server.
    interface_select_method str
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    mac_case str
    MAC authentication case (default = lowercase). Valid values: uppercase, lowercase.
    mac_password_delimiter str
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    mac_username_delimiter str
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    name str
    RADIUS server entry name.
    nas_id str
    Custom NAS identifier.
    nas_id_type str
    NAS identifier type configuration (default = legacy). Valid values: legacy, custom, hostname.
    nas_ip str
    IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
    password_encoding str
    Password encoding. Valid values: auto, ISO-8859-1.
    password_renewal str
    Enable/disable password renewal. Valid values: enable, disable.
    radius_coa str
    Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: enable, disable.
    radius_port int
    RADIUS service port number.
    rsso str
    Enable/disable RADIUS based single sign on feature. Valid values: enable, disable.
    rsso_context_timeout int
    Time in seconds before the logged out user is removed from the "user context list" of logged on users.
    rsso_endpoint_attribute str
    RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    rsso_endpoint_block_attribute str
    RADIUS attributes used to block a user. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    rsso_ep_one_ip_only str
    Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: enable, disable.
    rsso_flush_ip_session str
    Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: enable, disable.
    rsso_log_flags str
    Events to log. Valid values: protocol-error, profile-missing, accounting-stop-missed, accounting-event, endpoint-block, radiusd-other, none.
    rsso_log_period int
    Time interval in seconds that group event log messages will be generated for dynamic profile events.
    rsso_radius_response str
    Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: enable, disable.
    rsso_radius_server_port int
    UDP port to listen on for RADIUS Start and Stop records.
    rsso_secret str
    RADIUS secret used by the RADIUS accounting server.
    rsso_validate_request_secret str
    Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: enable, disable.
    secondary_secret str
    Secret key to access the secondary server.
    secondary_server str
    {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
    secret str
    Pre-shared secret key used to access the primary RADIUS server.
    server str
    Primary RADIUS server CN domain name or IP address.
    server_identity_check str
    Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: enable, disable.
    source_ip str
    Source IP address for communications to the RADIUS server.
    sso_attribute str
    RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    sso_attribute_key str
    Key prefix for SSO group value in the SSO attribute.
    sso_attribute_value_override str
    Enable/disable override old attribute value with new value for the same endpoint. Valid values: enable, disable.
    status_ttl int
    Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
    switch_controller_acct_fast_framedip_detect int
    Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
    switch_controller_nas_ip_dynamic str
    Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: enable, disable.
    switch_controller_service_type str
    RADIUS service type. Valid values: login, framed, callback-login, callback-framed, outbound, administrative, nas-prompt, authenticate-only, callback-nas-prompt, call-check, callback-administrative.
    tertiary_secret str
    Secret key to access the tertiary server.
    tertiary_server str
    {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
    timeout int
    Time in seconds between re-sending authentication requests.
    tls_min_proto_version str
    Minimum supported protocol version for TLS connections (default is to follow system global setting).
    transport_protocol str
    Transport protocol to be used (default = udp). Valid values: udp, tcp, tls.
    use_management_vdom str
    Enable/disable using management VDOM to send requests. Valid values: enable, disable.
    username_case_sensitive str
    Enable/disable case sensitive user names. Valid values: enable, disable.
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    accountKeyCertField String
    Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
    accountKeyProcessing String
    Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same, strip.
    accountingServers List<Property Map>
    Additional accounting servers. The structure of accounting_server block is documented below.
    acctAllServers String
    Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: enable, disable.
    acctInterimInterval Number
    Time in seconds between each accounting interim update message.
    allUsergroup String
    Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable, enable.
    authType String
    Authentication methods/protocols permitted for this RADIUS server. Valid values: auto, ms_chap_v2, ms_chap, chap, pap.
    caCert String
    CA of server to trust under TLS.
    callStationIdType String
    Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy, IP, MAC.
    classes List<Property Map>
    Class attribute name(s). The structure of class block is documented below.
    clientCert String
    Client certificate to use under TLS.
    delimiter String
    Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values: plus, comma.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    groupOverrideAttrType String
    RADIUS attribute type to override user group information. Valid values: filter-Id, class.
    h3cCompatibility String
    Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: enable, disable.
    interface String
    Specify outgoing interface to reach server.
    interfaceSelectMethod String
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    macCase String
    MAC authentication case (default = lowercase). Valid values: uppercase, lowercase.
    macPasswordDelimiter String
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macUsernameDelimiter String
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    name String
    RADIUS server entry name.
    nasId String
    Custom NAS identifier.
    nasIdType String
    NAS identifier type configuration (default = legacy). Valid values: legacy, custom, hostname.
    nasIp String
    IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
    passwordEncoding String
    Password encoding. Valid values: auto, ISO-8859-1.
    passwordRenewal String
    Enable/disable password renewal. Valid values: enable, disable.
    radiusCoa String
    Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: enable, disable.
    radiusPort Number
    RADIUS service port number.
    rsso String
    Enable/disable RADIUS based single sign on feature. Valid values: enable, disable.
    rssoContextTimeout Number
    Time in seconds before the logged out user is removed from the "user context list" of logged on users.
    rssoEndpointAttribute String
    RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    rssoEndpointBlockAttribute String
    RADIUS attributes used to block a user. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    rssoEpOneIpOnly String
    Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: enable, disable.
    rssoFlushIpSession String
    Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: enable, disable.
    rssoLogFlags String
    Events to log. Valid values: protocol-error, profile-missing, accounting-stop-missed, accounting-event, endpoint-block, radiusd-other, none.
    rssoLogPeriod Number
    Time interval in seconds that group event log messages will be generated for dynamic profile events.
    rssoRadiusResponse String
    Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: enable, disable.
    rssoRadiusServerPort Number
    UDP port to listen on for RADIUS Start and Stop records.
    rssoSecret String
    RADIUS secret used by the RADIUS accounting server.
    rssoValidateRequestSecret String
    Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: enable, disable.
    secondarySecret String
    Secret key to access the secondary server.
    secondaryServer String
    {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
    secret String
    Pre-shared secret key used to access the primary RADIUS server.
    server String
    Primary RADIUS server CN domain name or IP address.
    serverIdentityCheck String
    Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: enable, disable.
    sourceIp String
    Source IP address for communications to the RADIUS server.
    ssoAttribute String
    RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    ssoAttributeKey String
    Key prefix for SSO group value in the SSO attribute.
    ssoAttributeValueOverride String
    Enable/disable override old attribute value with new value for the same endpoint. Valid values: enable, disable.
    statusTtl Number
    Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
    switchControllerAcctFastFramedipDetect Number
    Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
    switchControllerNasIpDynamic String
    Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: enable, disable.
    switchControllerServiceType String
    RADIUS service type. Valid values: login, framed, callback-login, callback-framed, outbound, administrative, nas-prompt, authenticate-only, callback-nas-prompt, call-check, callback-administrative.
    tertiarySecret String
    Secret key to access the tertiary server.
    tertiaryServer String
    {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
    timeout Number
    Time in seconds between re-sending authentication requests.
    tlsMinProtoVersion String
    Minimum supported protocol version for TLS connections (default is to follow system global setting).
    transportProtocol String
    Transport protocol to be used (default = udp). Valid values: udp, tcp, tls.
    useManagementVdom String
    Enable/disable using management VDOM to send requests. Valid values: enable, disable.
    usernameCaseSensitive String
    Enable/disable case sensitive user names. Valid values: enable, disable.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Radius resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Radius Resource

    Get an existing Radius resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: RadiusState, opts?: CustomResourceOptions): Radius
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            account_key_cert_field: Optional[str] = None,
            account_key_processing: Optional[str] = None,
            accounting_servers: Optional[Sequence[RadiusAccountingServerArgs]] = None,
            acct_all_servers: Optional[str] = None,
            acct_interim_interval: Optional[int] = None,
            all_usergroup: Optional[str] = None,
            auth_type: Optional[str] = None,
            ca_cert: Optional[str] = None,
            call_station_id_type: Optional[str] = None,
            classes: Optional[Sequence[RadiusClassArgs]] = None,
            client_cert: Optional[str] = None,
            delimiter: Optional[str] = None,
            dynamic_sort_subtable: Optional[str] = None,
            get_all_tables: Optional[str] = None,
            group_override_attr_type: Optional[str] = None,
            h3c_compatibility: Optional[str] = None,
            interface: Optional[str] = None,
            interface_select_method: Optional[str] = None,
            mac_case: Optional[str] = None,
            mac_password_delimiter: Optional[str] = None,
            mac_username_delimiter: Optional[str] = None,
            name: Optional[str] = None,
            nas_id: Optional[str] = None,
            nas_id_type: Optional[str] = None,
            nas_ip: Optional[str] = None,
            password_encoding: Optional[str] = None,
            password_renewal: Optional[str] = None,
            radius_coa: Optional[str] = None,
            radius_port: Optional[int] = None,
            rsso: Optional[str] = None,
            rsso_context_timeout: Optional[int] = None,
            rsso_endpoint_attribute: Optional[str] = None,
            rsso_endpoint_block_attribute: Optional[str] = None,
            rsso_ep_one_ip_only: Optional[str] = None,
            rsso_flush_ip_session: Optional[str] = None,
            rsso_log_flags: Optional[str] = None,
            rsso_log_period: Optional[int] = None,
            rsso_radius_response: Optional[str] = None,
            rsso_radius_server_port: Optional[int] = None,
            rsso_secret: Optional[str] = None,
            rsso_validate_request_secret: Optional[str] = None,
            secondary_secret: Optional[str] = None,
            secondary_server: Optional[str] = None,
            secret: Optional[str] = None,
            server: Optional[str] = None,
            server_identity_check: Optional[str] = None,
            source_ip: Optional[str] = None,
            sso_attribute: Optional[str] = None,
            sso_attribute_key: Optional[str] = None,
            sso_attribute_value_override: Optional[str] = None,
            status_ttl: Optional[int] = None,
            switch_controller_acct_fast_framedip_detect: Optional[int] = None,
            switch_controller_nas_ip_dynamic: Optional[str] = None,
            switch_controller_service_type: Optional[str] = None,
            tertiary_secret: Optional[str] = None,
            tertiary_server: Optional[str] = None,
            timeout: Optional[int] = None,
            tls_min_proto_version: Optional[str] = None,
            transport_protocol: Optional[str] = None,
            use_management_vdom: Optional[str] = None,
            username_case_sensitive: Optional[str] = None,
            vdomparam: Optional[str] = None) -> Radius
    func GetRadius(ctx *Context, name string, id IDInput, state *RadiusState, opts ...ResourceOption) (*Radius, error)
    public static Radius Get(string name, Input<string> id, RadiusState? state, CustomResourceOptions? opts = null)
    public static Radius get(String name, Output<String> id, RadiusState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccountKeyCertField string
    Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
    AccountKeyProcessing string
    Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same, strip.
    AccountingServers List<Pulumiverse.Fortios.User.Inputs.RadiusAccountingServer>
    Additional accounting servers. The structure of accounting_server block is documented below.
    AcctAllServers string
    Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: enable, disable.
    AcctInterimInterval int
    Time in seconds between each accounting interim update message.
    AllUsergroup string
    Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable, enable.
    AuthType string
    Authentication methods/protocols permitted for this RADIUS server. Valid values: auto, ms_chap_v2, ms_chap, chap, pap.
    CaCert string
    CA of server to trust under TLS.
    CallStationIdType string
    Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy, IP, MAC.
    Classes List<Pulumiverse.Fortios.User.Inputs.RadiusClass>
    Class attribute name(s). The structure of class block is documented below.
    ClientCert string
    Client certificate to use under TLS.
    Delimiter string
    Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values: plus, comma.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    GroupOverrideAttrType string
    RADIUS attribute type to override user group information. Valid values: filter-Id, class.
    H3cCompatibility string
    Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: enable, disable.
    Interface string
    Specify outgoing interface to reach server.
    InterfaceSelectMethod string
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    MacCase string
    MAC authentication case (default = lowercase). Valid values: uppercase, lowercase.
    MacPasswordDelimiter string
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacUsernameDelimiter string
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    Name string
    RADIUS server entry name.
    NasId string
    Custom NAS identifier.
    NasIdType string
    NAS identifier type configuration (default = legacy). Valid values: legacy, custom, hostname.
    NasIp string
    IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
    PasswordEncoding string
    Password encoding. Valid values: auto, ISO-8859-1.
    PasswordRenewal string
    Enable/disable password renewal. Valid values: enable, disable.
    RadiusCoa string
    Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: enable, disable.
    RadiusPort int
    RADIUS service port number.
    Rsso string
    Enable/disable RADIUS based single sign on feature. Valid values: enable, disable.
    RssoContextTimeout int
    Time in seconds before the logged out user is removed from the "user context list" of logged on users.
    RssoEndpointAttribute string
    RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    RssoEndpointBlockAttribute string
    RADIUS attributes used to block a user. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    RssoEpOneIpOnly string
    Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: enable, disable.
    RssoFlushIpSession string
    Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: enable, disable.
    RssoLogFlags string
    Events to log. Valid values: protocol-error, profile-missing, accounting-stop-missed, accounting-event, endpoint-block, radiusd-other, none.
    RssoLogPeriod int
    Time interval in seconds that group event log messages will be generated for dynamic profile events.
    RssoRadiusResponse string
    Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: enable, disable.
    RssoRadiusServerPort int
    UDP port to listen on for RADIUS Start and Stop records.
    RssoSecret string
    RADIUS secret used by the RADIUS accounting server.
    RssoValidateRequestSecret string
    Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: enable, disable.
    SecondarySecret string
    Secret key to access the secondary server.
    SecondaryServer string
    {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
    Secret string
    Pre-shared secret key used to access the primary RADIUS server.
    Server string
    Primary RADIUS server CN domain name or IP address.
    ServerIdentityCheck string
    Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: enable, disable.
    SourceIp string
    Source IP address for communications to the RADIUS server.
    SsoAttribute string
    RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    SsoAttributeKey string
    Key prefix for SSO group value in the SSO attribute.
    SsoAttributeValueOverride string
    Enable/disable override old attribute value with new value for the same endpoint. Valid values: enable, disable.
    StatusTtl int
    Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
    SwitchControllerAcctFastFramedipDetect int
    Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
    SwitchControllerNasIpDynamic string
    Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: enable, disable.
    SwitchControllerServiceType string
    RADIUS service type. Valid values: login, framed, callback-login, callback-framed, outbound, administrative, nas-prompt, authenticate-only, callback-nas-prompt, call-check, callback-administrative.
    TertiarySecret string
    Secret key to access the tertiary server.
    TertiaryServer string
    {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
    Timeout int
    Time in seconds between re-sending authentication requests.
    TlsMinProtoVersion string
    Minimum supported protocol version for TLS connections (default is to follow system global setting).
    TransportProtocol string
    Transport protocol to be used (default = udp). Valid values: udp, tcp, tls.
    UseManagementVdom string
    Enable/disable using management VDOM to send requests. Valid values: enable, disable.
    UsernameCaseSensitive string
    Enable/disable case sensitive user names. Valid values: enable, disable.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    AccountKeyCertField string
    Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
    AccountKeyProcessing string
    Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same, strip.
    AccountingServers []RadiusAccountingServerArgs
    Additional accounting servers. The structure of accounting_server block is documented below.
    AcctAllServers string
    Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: enable, disable.
    AcctInterimInterval int
    Time in seconds between each accounting interim update message.
    AllUsergroup string
    Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable, enable.
    AuthType string
    Authentication methods/protocols permitted for this RADIUS server. Valid values: auto, ms_chap_v2, ms_chap, chap, pap.
    CaCert string
    CA of server to trust under TLS.
    CallStationIdType string
    Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy, IP, MAC.
    Classes []RadiusClassArgs
    Class attribute name(s). The structure of class block is documented below.
    ClientCert string
    Client certificate to use under TLS.
    Delimiter string
    Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values: plus, comma.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    GroupOverrideAttrType string
    RADIUS attribute type to override user group information. Valid values: filter-Id, class.
    H3cCompatibility string
    Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: enable, disable.
    Interface string
    Specify outgoing interface to reach server.
    InterfaceSelectMethod string
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    MacCase string
    MAC authentication case (default = lowercase). Valid values: uppercase, lowercase.
    MacPasswordDelimiter string
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacUsernameDelimiter string
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    Name string
    RADIUS server entry name.
    NasId string
    Custom NAS identifier.
    NasIdType string
    NAS identifier type configuration (default = legacy). Valid values: legacy, custom, hostname.
    NasIp string
    IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
    PasswordEncoding string
    Password encoding. Valid values: auto, ISO-8859-1.
    PasswordRenewal string
    Enable/disable password renewal. Valid values: enable, disable.
    RadiusCoa string
    Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: enable, disable.
    RadiusPort int
    RADIUS service port number.
    Rsso string
    Enable/disable RADIUS based single sign on feature. Valid values: enable, disable.
    RssoContextTimeout int
    Time in seconds before the logged out user is removed from the "user context list" of logged on users.
    RssoEndpointAttribute string
    RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    RssoEndpointBlockAttribute string
    RADIUS attributes used to block a user. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    RssoEpOneIpOnly string
    Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: enable, disable.
    RssoFlushIpSession string
    Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: enable, disable.
    RssoLogFlags string
    Events to log. Valid values: protocol-error, profile-missing, accounting-stop-missed, accounting-event, endpoint-block, radiusd-other, none.
    RssoLogPeriod int
    Time interval in seconds that group event log messages will be generated for dynamic profile events.
    RssoRadiusResponse string
    Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: enable, disable.
    RssoRadiusServerPort int
    UDP port to listen on for RADIUS Start and Stop records.
    RssoSecret string
    RADIUS secret used by the RADIUS accounting server.
    RssoValidateRequestSecret string
    Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: enable, disable.
    SecondarySecret string
    Secret key to access the secondary server.
    SecondaryServer string
    {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
    Secret string
    Pre-shared secret key used to access the primary RADIUS server.
    Server string
    Primary RADIUS server CN domain name or IP address.
    ServerIdentityCheck string
    Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: enable, disable.
    SourceIp string
    Source IP address for communications to the RADIUS server.
    SsoAttribute string
    RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    SsoAttributeKey string
    Key prefix for SSO group value in the SSO attribute.
    SsoAttributeValueOverride string
    Enable/disable override old attribute value with new value for the same endpoint. Valid values: enable, disable.
    StatusTtl int
    Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
    SwitchControllerAcctFastFramedipDetect int
    Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
    SwitchControllerNasIpDynamic string
    Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: enable, disable.
    SwitchControllerServiceType string
    RADIUS service type. Valid values: login, framed, callback-login, callback-framed, outbound, administrative, nas-prompt, authenticate-only, callback-nas-prompt, call-check, callback-administrative.
    TertiarySecret string
    Secret key to access the tertiary server.
    TertiaryServer string
    {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
    Timeout int
    Time in seconds between re-sending authentication requests.
    TlsMinProtoVersion string
    Minimum supported protocol version for TLS connections (default is to follow system global setting).
    TransportProtocol string
    Transport protocol to be used (default = udp). Valid values: udp, tcp, tls.
    UseManagementVdom string
    Enable/disable using management VDOM to send requests. Valid values: enable, disable.
    UsernameCaseSensitive string
    Enable/disable case sensitive user names. Valid values: enable, disable.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    accountKeyCertField String
    Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
    accountKeyProcessing String
    Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same, strip.
    accountingServers List<RadiusAccountingServer>
    Additional accounting servers. The structure of accounting_server block is documented below.
    acctAllServers String
    Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: enable, disable.
    acctInterimInterval Integer
    Time in seconds between each accounting interim update message.
    allUsergroup String
    Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable, enable.
    authType String
    Authentication methods/protocols permitted for this RADIUS server. Valid values: auto, ms_chap_v2, ms_chap, chap, pap.
    caCert String
    CA of server to trust under TLS.
    callStationIdType String
    Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy, IP, MAC.
    classes List<RadiusClass>
    Class attribute name(s). The structure of class block is documented below.
    clientCert String
    Client certificate to use under TLS.
    delimiter String
    Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values: plus, comma.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    groupOverrideAttrType String
    RADIUS attribute type to override user group information. Valid values: filter-Id, class.
    h3cCompatibility String
    Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: enable, disable.
    interfaceSelectMethod String
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    interface_ String
    Specify outgoing interface to reach server.
    macCase String
    MAC authentication case (default = lowercase). Valid values: uppercase, lowercase.
    macPasswordDelimiter String
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macUsernameDelimiter String
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    name String
    RADIUS server entry name.
    nasId String
    Custom NAS identifier.
    nasIdType String
    NAS identifier type configuration (default = legacy). Valid values: legacy, custom, hostname.
    nasIp String
    IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
    passwordEncoding String
    Password encoding. Valid values: auto, ISO-8859-1.
    passwordRenewal String
    Enable/disable password renewal. Valid values: enable, disable.
    radiusCoa String
    Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: enable, disable.
    radiusPort Integer
    RADIUS service port number.
    rsso String
    Enable/disable RADIUS based single sign on feature. Valid values: enable, disable.
    rssoContextTimeout Integer
    Time in seconds before the logged out user is removed from the "user context list" of logged on users.
    rssoEndpointAttribute String
    RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    rssoEndpointBlockAttribute String
    RADIUS attributes used to block a user. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    rssoEpOneIpOnly String
    Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: enable, disable.
    rssoFlushIpSession String
    Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: enable, disable.
    rssoLogFlags String
    Events to log. Valid values: protocol-error, profile-missing, accounting-stop-missed, accounting-event, endpoint-block, radiusd-other, none.
    rssoLogPeriod Integer
    Time interval in seconds that group event log messages will be generated for dynamic profile events.
    rssoRadiusResponse String
    Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: enable, disable.
    rssoRadiusServerPort Integer
    UDP port to listen on for RADIUS Start and Stop records.
    rssoSecret String
    RADIUS secret used by the RADIUS accounting server.
    rssoValidateRequestSecret String
    Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: enable, disable.
    secondarySecret String
    Secret key to access the secondary server.
    secondaryServer String
    {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
    secret String
    Pre-shared secret key used to access the primary RADIUS server.
    server String
    Primary RADIUS server CN domain name or IP address.
    serverIdentityCheck String
    Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: enable, disable.
    sourceIp String
    Source IP address for communications to the RADIUS server.
    ssoAttribute String
    RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    ssoAttributeKey String
    Key prefix for SSO group value in the SSO attribute.
    ssoAttributeValueOverride String
    Enable/disable override old attribute value with new value for the same endpoint. Valid values: enable, disable.
    statusTtl Integer
    Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
    switchControllerAcctFastFramedipDetect Integer
    Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
    switchControllerNasIpDynamic String
    Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: enable, disable.
    switchControllerServiceType String
    RADIUS service type. Valid values: login, framed, callback-login, callback-framed, outbound, administrative, nas-prompt, authenticate-only, callback-nas-prompt, call-check, callback-administrative.
    tertiarySecret String
    Secret key to access the tertiary server.
    tertiaryServer String
    {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
    timeout Integer
    Time in seconds between re-sending authentication requests.
    tlsMinProtoVersion String
    Minimum supported protocol version for TLS connections (default is to follow system global setting).
    transportProtocol String
    Transport protocol to be used (default = udp). Valid values: udp, tcp, tls.
    useManagementVdom String
    Enable/disable using management VDOM to send requests. Valid values: enable, disable.
    usernameCaseSensitive String
    Enable/disable case sensitive user names. Valid values: enable, disable.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    accountKeyCertField string
    Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
    accountKeyProcessing string
    Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same, strip.
    accountingServers RadiusAccountingServer[]
    Additional accounting servers. The structure of accounting_server block is documented below.
    acctAllServers string
    Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: enable, disable.
    acctInterimInterval number
    Time in seconds between each accounting interim update message.
    allUsergroup string
    Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable, enable.
    authType string
    Authentication methods/protocols permitted for this RADIUS server. Valid values: auto, ms_chap_v2, ms_chap, chap, pap.
    caCert string
    CA of server to trust under TLS.
    callStationIdType string
    Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy, IP, MAC.
    classes RadiusClass[]
    Class attribute name(s). The structure of class block is documented below.
    clientCert string
    Client certificate to use under TLS.
    delimiter string
    Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values: plus, comma.
    dynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    getAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    groupOverrideAttrType string
    RADIUS attribute type to override user group information. Valid values: filter-Id, class.
    h3cCompatibility string
    Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: enable, disable.
    interface string
    Specify outgoing interface to reach server.
    interfaceSelectMethod string
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    macCase string
    MAC authentication case (default = lowercase). Valid values: uppercase, lowercase.
    macPasswordDelimiter string
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macUsernameDelimiter string
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    name string
    RADIUS server entry name.
    nasId string
    Custom NAS identifier.
    nasIdType string
    NAS identifier type configuration (default = legacy). Valid values: legacy, custom, hostname.
    nasIp string
    IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
    passwordEncoding string
    Password encoding. Valid values: auto, ISO-8859-1.
    passwordRenewal string
    Enable/disable password renewal. Valid values: enable, disable.
    radiusCoa string
    Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: enable, disable.
    radiusPort number
    RADIUS service port number.
    rsso string
    Enable/disable RADIUS based single sign on feature. Valid values: enable, disable.
    rssoContextTimeout number
    Time in seconds before the logged out user is removed from the "user context list" of logged on users.
    rssoEndpointAttribute string
    RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    rssoEndpointBlockAttribute string
    RADIUS attributes used to block a user. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    rssoEpOneIpOnly string
    Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: enable, disable.
    rssoFlushIpSession string
    Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: enable, disable.
    rssoLogFlags string
    Events to log. Valid values: protocol-error, profile-missing, accounting-stop-missed, accounting-event, endpoint-block, radiusd-other, none.
    rssoLogPeriod number
    Time interval in seconds that group event log messages will be generated for dynamic profile events.
    rssoRadiusResponse string
    Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: enable, disable.
    rssoRadiusServerPort number
    UDP port to listen on for RADIUS Start and Stop records.
    rssoSecret string
    RADIUS secret used by the RADIUS accounting server.
    rssoValidateRequestSecret string
    Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: enable, disable.
    secondarySecret string
    Secret key to access the secondary server.
    secondaryServer string
    {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
    secret string
    Pre-shared secret key used to access the primary RADIUS server.
    server string
    Primary RADIUS server CN domain name or IP address.
    serverIdentityCheck string
    Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: enable, disable.
    sourceIp string
    Source IP address for communications to the RADIUS server.
    ssoAttribute string
    RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    ssoAttributeKey string
    Key prefix for SSO group value in the SSO attribute.
    ssoAttributeValueOverride string
    Enable/disable override old attribute value with new value for the same endpoint. Valid values: enable, disable.
    statusTtl number
    Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
    switchControllerAcctFastFramedipDetect number
    Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
    switchControllerNasIpDynamic string
    Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: enable, disable.
    switchControllerServiceType string
    RADIUS service type. Valid values: login, framed, callback-login, callback-framed, outbound, administrative, nas-prompt, authenticate-only, callback-nas-prompt, call-check, callback-administrative.
    tertiarySecret string
    Secret key to access the tertiary server.
    tertiaryServer string
    {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
    timeout number
    Time in seconds between re-sending authentication requests.
    tlsMinProtoVersion string
    Minimum supported protocol version for TLS connections (default is to follow system global setting).
    transportProtocol string
    Transport protocol to be used (default = udp). Valid values: udp, tcp, tls.
    useManagementVdom string
    Enable/disable using management VDOM to send requests. Valid values: enable, disable.
    usernameCaseSensitive string
    Enable/disable case sensitive user names. Valid values: enable, disable.
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    account_key_cert_field str
    Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
    account_key_processing str
    Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same, strip.
    accounting_servers Sequence[RadiusAccountingServerArgs]
    Additional accounting servers. The structure of accounting_server block is documented below.
    acct_all_servers str
    Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: enable, disable.
    acct_interim_interval int
    Time in seconds between each accounting interim update message.
    all_usergroup str
    Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable, enable.
    auth_type str
    Authentication methods/protocols permitted for this RADIUS server. Valid values: auto, ms_chap_v2, ms_chap, chap, pap.
    ca_cert str
    CA of server to trust under TLS.
    call_station_id_type str
    Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy, IP, MAC.
    classes Sequence[RadiusClassArgs]
    Class attribute name(s). The structure of class block is documented below.
    client_cert str
    Client certificate to use under TLS.
    delimiter str
    Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values: plus, comma.
    dynamic_sort_subtable str
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    get_all_tables str
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    group_override_attr_type str
    RADIUS attribute type to override user group information. Valid values: filter-Id, class.
    h3c_compatibility str
    Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: enable, disable.
    interface str
    Specify outgoing interface to reach server.
    interface_select_method str
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    mac_case str
    MAC authentication case (default = lowercase). Valid values: uppercase, lowercase.
    mac_password_delimiter str
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    mac_username_delimiter str
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    name str
    RADIUS server entry name.
    nas_id str
    Custom NAS identifier.
    nas_id_type str
    NAS identifier type configuration (default = legacy). Valid values: legacy, custom, hostname.
    nas_ip str
    IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
    password_encoding str
    Password encoding. Valid values: auto, ISO-8859-1.
    password_renewal str
    Enable/disable password renewal. Valid values: enable, disable.
    radius_coa str
    Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: enable, disable.
    radius_port int
    RADIUS service port number.
    rsso str
    Enable/disable RADIUS based single sign on feature. Valid values: enable, disable.
    rsso_context_timeout int
    Time in seconds before the logged out user is removed from the "user context list" of logged on users.
    rsso_endpoint_attribute str
    RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    rsso_endpoint_block_attribute str
    RADIUS attributes used to block a user. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    rsso_ep_one_ip_only str
    Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: enable, disable.
    rsso_flush_ip_session str
    Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: enable, disable.
    rsso_log_flags str
    Events to log. Valid values: protocol-error, profile-missing, accounting-stop-missed, accounting-event, endpoint-block, radiusd-other, none.
    rsso_log_period int
    Time interval in seconds that group event log messages will be generated for dynamic profile events.
    rsso_radius_response str
    Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: enable, disable.
    rsso_radius_server_port int
    UDP port to listen on for RADIUS Start and Stop records.
    rsso_secret str
    RADIUS secret used by the RADIUS accounting server.
    rsso_validate_request_secret str
    Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: enable, disable.
    secondary_secret str
    Secret key to access the secondary server.
    secondary_server str
    {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
    secret str
    Pre-shared secret key used to access the primary RADIUS server.
    server str
    Primary RADIUS server CN domain name or IP address.
    server_identity_check str
    Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: enable, disable.
    source_ip str
    Source IP address for communications to the RADIUS server.
    sso_attribute str
    RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    sso_attribute_key str
    Key prefix for SSO group value in the SSO attribute.
    sso_attribute_value_override str
    Enable/disable override old attribute value with new value for the same endpoint. Valid values: enable, disable.
    status_ttl int
    Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
    switch_controller_acct_fast_framedip_detect int
    Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
    switch_controller_nas_ip_dynamic str
    Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: enable, disable.
    switch_controller_service_type str
    RADIUS service type. Valid values: login, framed, callback-login, callback-framed, outbound, administrative, nas-prompt, authenticate-only, callback-nas-prompt, call-check, callback-administrative.
    tertiary_secret str
    Secret key to access the tertiary server.
    tertiary_server str
    {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
    timeout int
    Time in seconds between re-sending authentication requests.
    tls_min_proto_version str
    Minimum supported protocol version for TLS connections (default is to follow system global setting).
    transport_protocol str
    Transport protocol to be used (default = udp). Valid values: udp, tcp, tls.
    use_management_vdom str
    Enable/disable using management VDOM to send requests. Valid values: enable, disable.
    username_case_sensitive str
    Enable/disable case sensitive user names. Valid values: enable, disable.
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    accountKeyCertField String
    Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
    accountKeyProcessing String
    Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same, strip.
    accountingServers List<Property Map>
    Additional accounting servers. The structure of accounting_server block is documented below.
    acctAllServers String
    Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: enable, disable.
    acctInterimInterval Number
    Time in seconds between each accounting interim update message.
    allUsergroup String
    Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable, enable.
    authType String
    Authentication methods/protocols permitted for this RADIUS server. Valid values: auto, ms_chap_v2, ms_chap, chap, pap.
    caCert String
    CA of server to trust under TLS.
    callStationIdType String
    Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy, IP, MAC.
    classes List<Property Map>
    Class attribute name(s). The structure of class block is documented below.
    clientCert String
    Client certificate to use under TLS.
    delimiter String
    Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values: plus, comma.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    groupOverrideAttrType String
    RADIUS attribute type to override user group information. Valid values: filter-Id, class.
    h3cCompatibility String
    Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: enable, disable.
    interface String
    Specify outgoing interface to reach server.
    interfaceSelectMethod String
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    macCase String
    MAC authentication case (default = lowercase). Valid values: uppercase, lowercase.
    macPasswordDelimiter String
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macUsernameDelimiter String
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    name String
    RADIUS server entry name.
    nasId String
    Custom NAS identifier.
    nasIdType String
    NAS identifier type configuration (default = legacy). Valid values: legacy, custom, hostname.
    nasIp String
    IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
    passwordEncoding String
    Password encoding. Valid values: auto, ISO-8859-1.
    passwordRenewal String
    Enable/disable password renewal. Valid values: enable, disable.
    radiusCoa String
    Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: enable, disable.
    radiusPort Number
    RADIUS service port number.
    rsso String
    Enable/disable RADIUS based single sign on feature. Valid values: enable, disable.
    rssoContextTimeout Number
    Time in seconds before the logged out user is removed from the "user context list" of logged on users.
    rssoEndpointAttribute String
    RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    rssoEndpointBlockAttribute String
    RADIUS attributes used to block a user. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    rssoEpOneIpOnly String
    Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: enable, disable.
    rssoFlushIpSession String
    Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: enable, disable.
    rssoLogFlags String
    Events to log. Valid values: protocol-error, profile-missing, accounting-stop-missed, accounting-event, endpoint-block, radiusd-other, none.
    rssoLogPeriod Number
    Time interval in seconds that group event log messages will be generated for dynamic profile events.
    rssoRadiusResponse String
    Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: enable, disable.
    rssoRadiusServerPort Number
    UDP port to listen on for RADIUS Start and Stop records.
    rssoSecret String
    RADIUS secret used by the RADIUS accounting server.
    rssoValidateRequestSecret String
    Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: enable, disable.
    secondarySecret String
    Secret key to access the secondary server.
    secondaryServer String
    {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
    secret String
    Pre-shared secret key used to access the primary RADIUS server.
    server String
    Primary RADIUS server CN domain name or IP address.
    serverIdentityCheck String
    Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: enable, disable.
    sourceIp String
    Source IP address for communications to the RADIUS server.
    ssoAttribute String
    RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id.
    ssoAttributeKey String
    Key prefix for SSO group value in the SSO attribute.
    ssoAttributeValueOverride String
    Enable/disable override old attribute value with new value for the same endpoint. Valid values: enable, disable.
    statusTtl Number
    Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
    switchControllerAcctFastFramedipDetect Number
    Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
    switchControllerNasIpDynamic String
    Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: enable, disable.
    switchControllerServiceType String
    RADIUS service type. Valid values: login, framed, callback-login, callback-framed, outbound, administrative, nas-prompt, authenticate-only, callback-nas-prompt, call-check, callback-administrative.
    tertiarySecret String
    Secret key to access the tertiary server.
    tertiaryServer String
    {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
    timeout Number
    Time in seconds between re-sending authentication requests.
    tlsMinProtoVersion String
    Minimum supported protocol version for TLS connections (default is to follow system global setting).
    transportProtocol String
    Transport protocol to be used (default = udp). Valid values: udp, tcp, tls.
    useManagementVdom String
    Enable/disable using management VDOM to send requests. Valid values: enable, disable.
    usernameCaseSensitive String
    Enable/disable case sensitive user names. Valid values: enable, disable.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.

    Supporting Types

    RadiusAccountingServer, RadiusAccountingServerArgs

    Id int
    ID (0 - 4294967295).
    Interface string
    Specify outgoing interface to reach server.
    InterfaceSelectMethod string
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    Port int
    RADIUS accounting port number.
    Secret string
    Secret key.
    Server string
    {<name_str|ip_str>} Server CN domain name or IP.
    SourceIp string
    Source IP address for communications to the RADIUS server.
    Status string
    Status. Valid values: enable, disable.
    Id int
    ID (0 - 4294967295).
    Interface string
    Specify outgoing interface to reach server.
    InterfaceSelectMethod string
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    Port int
    RADIUS accounting port number.
    Secret string
    Secret key.
    Server string
    {<name_str|ip_str>} Server CN domain name or IP.
    SourceIp string
    Source IP address for communications to the RADIUS server.
    Status string
    Status. Valid values: enable, disable.
    id Integer
    ID (0 - 4294967295).
    interfaceSelectMethod String
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    interface_ String
    Specify outgoing interface to reach server.
    port Integer
    RADIUS accounting port number.
    secret String
    Secret key.
    server String
    {<name_str|ip_str>} Server CN domain name or IP.
    sourceIp String
    Source IP address for communications to the RADIUS server.
    status String
    Status. Valid values: enable, disable.
    id number
    ID (0 - 4294967295).
    interface string
    Specify outgoing interface to reach server.
    interfaceSelectMethod string
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    port number
    RADIUS accounting port number.
    secret string
    Secret key.
    server string
    {<name_str|ip_str>} Server CN domain name or IP.
    sourceIp string
    Source IP address for communications to the RADIUS server.
    status string
    Status. Valid values: enable, disable.
    id int
    ID (0 - 4294967295).
    interface str
    Specify outgoing interface to reach server.
    interface_select_method str
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    port int
    RADIUS accounting port number.
    secret str
    Secret key.
    server str
    {<name_str|ip_str>} Server CN domain name or IP.
    source_ip str
    Source IP address for communications to the RADIUS server.
    status str
    Status. Valid values: enable, disable.
    id Number
    ID (0 - 4294967295).
    interface String
    Specify outgoing interface to reach server.
    interfaceSelectMethod String
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    port Number
    RADIUS accounting port number.
    secret String
    Secret key.
    server String
    {<name_str|ip_str>} Server CN domain name or IP.
    sourceIp String
    Source IP address for communications to the RADIUS server.
    status String
    Status. Valid values: enable, disable.

    RadiusClass, RadiusClassArgs

    Name string
    Class name.
    Name string
    Class name.
    name String
    Class name.
    name string
    Class name.
    name str
    Class name.
    name String
    Class name.

    Import

    User Radius can be imported using any of these accepted formats:

    $ pulumi import fortios:user/radius:Radius labelname {{name}}
    

    If you do not want to import arguments of block:

    $ export “FORTIOS_IMPORT_TABLE”=“false”

    $ pulumi import fortios:user/radius:Radius labelname {{name}}
    

    $ unset “FORTIOS_IMPORT_TABLE”

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    fortios pulumiverse/pulumi-fortios
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the fortios Terraform Provider.
    fortios logo
    Fortios v0.0.5 published on Tuesday, Apr 9, 2024 by pulumiverse