fortios.user.Radius
Explore with Pulumi AI
Configure RADIUS server entries.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fortios from "@pulumiverse/fortios";
const trname = new fortios.user.Radius("trname", {
    acctAllServers: "disable",
    allUsergroup: "disable",
    authType: "auto",
    h3cCompatibility: "disable",
    nasIp: "0.0.0.0",
    passwordEncoding: "auto",
    passwordRenewal: "disable",
    radiusCoa: "disable",
    radiusPort: 0,
    rsso: "disable",
    rssoContextTimeout: 28800,
    rssoEndpointAttribute: "Calling-Station-Id",
    rssoEpOneIpOnly: "disable",
    rssoFlushIpSession: "disable",
    rssoLogFlags: "protocol-error profile-missing accounting-stop-missed accounting-event endpoint-block radiusd-other",
    rssoLogPeriod: 0,
    rssoRadiusResponse: "disable",
    rssoRadiusServerPort: 1813,
    rssoValidateRequestSecret: "disable",
    secret: "FDaaewjkeiw32",
    server: "1.1.1.1",
    ssoAttribute: "Class",
    ssoAttributeValueOverride: "enable",
    timeout: 5,
    useManagementVdom: "disable",
    usernameCaseSensitive: "disable",
});
import pulumi
import pulumiverse_fortios as fortios
trname = fortios.user.Radius("trname",
    acct_all_servers="disable",
    all_usergroup="disable",
    auth_type="auto",
    h3c_compatibility="disable",
    nas_ip="0.0.0.0",
    password_encoding="auto",
    password_renewal="disable",
    radius_coa="disable",
    radius_port=0,
    rsso="disable",
    rsso_context_timeout=28800,
    rsso_endpoint_attribute="Calling-Station-Id",
    rsso_ep_one_ip_only="disable",
    rsso_flush_ip_session="disable",
    rsso_log_flags="protocol-error profile-missing accounting-stop-missed accounting-event endpoint-block radiusd-other",
    rsso_log_period=0,
    rsso_radius_response="disable",
    rsso_radius_server_port=1813,
    rsso_validate_request_secret="disable",
    secret="FDaaewjkeiw32",
    server="1.1.1.1",
    sso_attribute="Class",
    sso_attribute_value_override="enable",
    timeout=5,
    use_management_vdom="disable",
    username_case_sensitive="disable")
package main
import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/user"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := user.NewRadius(ctx, "trname", &user.RadiusArgs{
			AcctAllServers:            pulumi.String("disable"),
			AllUsergroup:              pulumi.String("disable"),
			AuthType:                  pulumi.String("auto"),
			H3cCompatibility:          pulumi.String("disable"),
			NasIp:                     pulumi.String("0.0.0.0"),
			PasswordEncoding:          pulumi.String("auto"),
			PasswordRenewal:           pulumi.String("disable"),
			RadiusCoa:                 pulumi.String("disable"),
			RadiusPort:                pulumi.Int(0),
			Rsso:                      pulumi.String("disable"),
			RssoContextTimeout:        pulumi.Int(28800),
			RssoEndpointAttribute:     pulumi.String("Calling-Station-Id"),
			RssoEpOneIpOnly:           pulumi.String("disable"),
			RssoFlushIpSession:        pulumi.String("disable"),
			RssoLogFlags:              pulumi.String("protocol-error profile-missing accounting-stop-missed accounting-event endpoint-block radiusd-other"),
			RssoLogPeriod:             pulumi.Int(0),
			RssoRadiusResponse:        pulumi.String("disable"),
			RssoRadiusServerPort:      pulumi.Int(1813),
			RssoValidateRequestSecret: pulumi.String("disable"),
			Secret:                    pulumi.String("FDaaewjkeiw32"),
			Server:                    pulumi.String("1.1.1.1"),
			SsoAttribute:              pulumi.String("Class"),
			SsoAttributeValueOverride: pulumi.String("enable"),
			Timeout:                   pulumi.Int(5),
			UseManagementVdom:         pulumi.String("disable"),
			UsernameCaseSensitive:     pulumi.String("disable"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortios = Pulumiverse.Fortios;
return await Deployment.RunAsync(() => 
{
    var trname = new Fortios.User.Radius("trname", new()
    {
        AcctAllServers = "disable",
        AllUsergroup = "disable",
        AuthType = "auto",
        H3cCompatibility = "disable",
        NasIp = "0.0.0.0",
        PasswordEncoding = "auto",
        PasswordRenewal = "disable",
        RadiusCoa = "disable",
        RadiusPort = 0,
        Rsso = "disable",
        RssoContextTimeout = 28800,
        RssoEndpointAttribute = "Calling-Station-Id",
        RssoEpOneIpOnly = "disable",
        RssoFlushIpSession = "disable",
        RssoLogFlags = "protocol-error profile-missing accounting-stop-missed accounting-event endpoint-block radiusd-other",
        RssoLogPeriod = 0,
        RssoRadiusResponse = "disable",
        RssoRadiusServerPort = 1813,
        RssoValidateRequestSecret = "disable",
        Secret = "FDaaewjkeiw32",
        Server = "1.1.1.1",
        SsoAttribute = "Class",
        SsoAttributeValueOverride = "enable",
        Timeout = 5,
        UseManagementVdom = "disable",
        UsernameCaseSensitive = "disable",
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortios.user.Radius;
import com.pulumi.fortios.user.RadiusArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var trname = new Radius("trname", RadiusArgs.builder()
            .acctAllServers("disable")
            .allUsergroup("disable")
            .authType("auto")
            .h3cCompatibility("disable")
            .nasIp("0.0.0.0")
            .passwordEncoding("auto")
            .passwordRenewal("disable")
            .radiusCoa("disable")
            .radiusPort(0)
            .rsso("disable")
            .rssoContextTimeout(28800)
            .rssoEndpointAttribute("Calling-Station-Id")
            .rssoEpOneIpOnly("disable")
            .rssoFlushIpSession("disable")
            .rssoLogFlags("protocol-error profile-missing accounting-stop-missed accounting-event endpoint-block radiusd-other")
            .rssoLogPeriod(0)
            .rssoRadiusResponse("disable")
            .rssoRadiusServerPort(1813)
            .rssoValidateRequestSecret("disable")
            .secret("FDaaewjkeiw32")
            .server("1.1.1.1")
            .ssoAttribute("Class")
            .ssoAttributeValueOverride("enable")
            .timeout(5)
            .useManagementVdom("disable")
            .usernameCaseSensitive("disable")
            .build());
    }
}
resources:
  trname:
    type: fortios:user:Radius
    properties:
      acctAllServers: disable
      allUsergroup: disable
      authType: auto
      h3cCompatibility: disable
      nasIp: 0.0.0.0
      passwordEncoding: auto
      passwordRenewal: disable
      radiusCoa: disable
      radiusPort: 0
      rsso: disable
      rssoContextTimeout: 28800
      rssoEndpointAttribute: Calling-Station-Id
      rssoEpOneIpOnly: disable
      rssoFlushIpSession: disable
      rssoLogFlags: protocol-error profile-missing accounting-stop-missed accounting-event endpoint-block radiusd-other
      rssoLogPeriod: 0
      rssoRadiusResponse: disable
      rssoRadiusServerPort: 1813
      rssoValidateRequestSecret: disable
      secret: FDaaewjkeiw32
      server: 1.1.1.1
      ssoAttribute: Class
      ssoAttributeValueOverride: enable
      timeout: 5
      useManagementVdom: disable
      usernameCaseSensitive: disable
Create Radius Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Radius(name: string, args?: RadiusArgs, opts?: CustomResourceOptions);@overload
def Radius(resource_name: str,
           args: Optional[RadiusArgs] = None,
           opts: Optional[ResourceOptions] = None)
@overload
def Radius(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           account_key_cert_field: Optional[str] = None,
           account_key_processing: Optional[str] = None,
           accounting_servers: Optional[Sequence[RadiusAccountingServerArgs]] = None,
           acct_all_servers: Optional[str] = None,
           acct_interim_interval: Optional[int] = None,
           all_usergroup: Optional[str] = None,
           auth_type: Optional[str] = None,
           ca_cert: Optional[str] = None,
           call_station_id_type: Optional[str] = None,
           classes: Optional[Sequence[RadiusClassArgs]] = None,
           client_cert: Optional[str] = None,
           delimiter: Optional[str] = None,
           dynamic_sort_subtable: Optional[str] = None,
           get_all_tables: Optional[str] = None,
           group_override_attr_type: Optional[str] = None,
           h3c_compatibility: Optional[str] = None,
           interface: Optional[str] = None,
           interface_select_method: Optional[str] = None,
           mac_case: Optional[str] = None,
           mac_password_delimiter: Optional[str] = None,
           mac_username_delimiter: Optional[str] = None,
           name: Optional[str] = None,
           nas_id: Optional[str] = None,
           nas_id_type: Optional[str] = None,
           nas_ip: Optional[str] = None,
           password_encoding: Optional[str] = None,
           password_renewal: Optional[str] = None,
           radius_coa: Optional[str] = None,
           radius_port: Optional[int] = None,
           rsso: Optional[str] = None,
           rsso_context_timeout: Optional[int] = None,
           rsso_endpoint_attribute: Optional[str] = None,
           rsso_endpoint_block_attribute: Optional[str] = None,
           rsso_ep_one_ip_only: Optional[str] = None,
           rsso_flush_ip_session: Optional[str] = None,
           rsso_log_flags: Optional[str] = None,
           rsso_log_period: Optional[int] = None,
           rsso_radius_response: Optional[str] = None,
           rsso_radius_server_port: Optional[int] = None,
           rsso_secret: Optional[str] = None,
           rsso_validate_request_secret: Optional[str] = None,
           secondary_secret: Optional[str] = None,
           secondary_server: Optional[str] = None,
           secret: Optional[str] = None,
           server: Optional[str] = None,
           server_identity_check: Optional[str] = None,
           source_ip: Optional[str] = None,
           sso_attribute: Optional[str] = None,
           sso_attribute_key: Optional[str] = None,
           sso_attribute_value_override: Optional[str] = None,
           status_ttl: Optional[int] = None,
           switch_controller_acct_fast_framedip_detect: Optional[int] = None,
           switch_controller_nas_ip_dynamic: Optional[str] = None,
           switch_controller_service_type: Optional[str] = None,
           tertiary_secret: Optional[str] = None,
           tertiary_server: Optional[str] = None,
           timeout: Optional[int] = None,
           tls_min_proto_version: Optional[str] = None,
           transport_protocol: Optional[str] = None,
           use_management_vdom: Optional[str] = None,
           username_case_sensitive: Optional[str] = None,
           vdomparam: Optional[str] = None)func NewRadius(ctx *Context, name string, args *RadiusArgs, opts ...ResourceOption) (*Radius, error)public Radius(string name, RadiusArgs? args = null, CustomResourceOptions? opts = null)
public Radius(String name, RadiusArgs args)
public Radius(String name, RadiusArgs args, CustomResourceOptions options)
type: fortios:user:Radius
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RadiusArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RadiusArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RadiusArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RadiusArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RadiusArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var radiusResource = new Fortios.User.Radius("radiusResource", new()
{
    AccountKeyCertField = "string",
    AccountKeyProcessing = "string",
    AccountingServers = new[]
    {
        new Fortios.User.Inputs.RadiusAccountingServerArgs
        {
            Id = 0,
            Interface = "string",
            InterfaceSelectMethod = "string",
            Port = 0,
            Secret = "string",
            Server = "string",
            SourceIp = "string",
            Status = "string",
        },
    },
    AcctAllServers = "string",
    AcctInterimInterval = 0,
    AllUsergroup = "string",
    AuthType = "string",
    CaCert = "string",
    CallStationIdType = "string",
    Classes = new[]
    {
        new Fortios.User.Inputs.RadiusClassArgs
        {
            Name = "string",
        },
    },
    ClientCert = "string",
    Delimiter = "string",
    DynamicSortSubtable = "string",
    GetAllTables = "string",
    GroupOverrideAttrType = "string",
    H3cCompatibility = "string",
    Interface = "string",
    InterfaceSelectMethod = "string",
    MacCase = "string",
    MacPasswordDelimiter = "string",
    MacUsernameDelimiter = "string",
    Name = "string",
    NasId = "string",
    NasIdType = "string",
    NasIp = "string",
    PasswordEncoding = "string",
    PasswordRenewal = "string",
    RadiusCoa = "string",
    RadiusPort = 0,
    Rsso = "string",
    RssoContextTimeout = 0,
    RssoEndpointAttribute = "string",
    RssoEndpointBlockAttribute = "string",
    RssoEpOneIpOnly = "string",
    RssoFlushIpSession = "string",
    RssoLogFlags = "string",
    RssoLogPeriod = 0,
    RssoRadiusResponse = "string",
    RssoRadiusServerPort = 0,
    RssoSecret = "string",
    RssoValidateRequestSecret = "string",
    SecondarySecret = "string",
    SecondaryServer = "string",
    Secret = "string",
    Server = "string",
    ServerIdentityCheck = "string",
    SourceIp = "string",
    SsoAttribute = "string",
    SsoAttributeKey = "string",
    SsoAttributeValueOverride = "string",
    StatusTtl = 0,
    SwitchControllerAcctFastFramedipDetect = 0,
    SwitchControllerNasIpDynamic = "string",
    SwitchControllerServiceType = "string",
    TertiarySecret = "string",
    TertiaryServer = "string",
    Timeout = 0,
    TlsMinProtoVersion = "string",
    TransportProtocol = "string",
    UseManagementVdom = "string",
    UsernameCaseSensitive = "string",
    Vdomparam = "string",
});
example, err := user.NewRadius(ctx, "radiusResource", &user.RadiusArgs{
	AccountKeyCertField:  pulumi.String("string"),
	AccountKeyProcessing: pulumi.String("string"),
	AccountingServers: user.RadiusAccountingServerArray{
		&user.RadiusAccountingServerArgs{
			Id:                    pulumi.Int(0),
			Interface:             pulumi.String("string"),
			InterfaceSelectMethod: pulumi.String("string"),
			Port:                  pulumi.Int(0),
			Secret:                pulumi.String("string"),
			Server:                pulumi.String("string"),
			SourceIp:              pulumi.String("string"),
			Status:                pulumi.String("string"),
		},
	},
	AcctAllServers:      pulumi.String("string"),
	AcctInterimInterval: pulumi.Int(0),
	AllUsergroup:        pulumi.String("string"),
	AuthType:            pulumi.String("string"),
	CaCert:              pulumi.String("string"),
	CallStationIdType:   pulumi.String("string"),
	Classes: user.RadiusClassArray{
		&user.RadiusClassArgs{
			Name: pulumi.String("string"),
		},
	},
	ClientCert:                             pulumi.String("string"),
	Delimiter:                              pulumi.String("string"),
	DynamicSortSubtable:                    pulumi.String("string"),
	GetAllTables:                           pulumi.String("string"),
	GroupOverrideAttrType:                  pulumi.String("string"),
	H3cCompatibility:                       pulumi.String("string"),
	Interface:                              pulumi.String("string"),
	InterfaceSelectMethod:                  pulumi.String("string"),
	MacCase:                                pulumi.String("string"),
	MacPasswordDelimiter:                   pulumi.String("string"),
	MacUsernameDelimiter:                   pulumi.String("string"),
	Name:                                   pulumi.String("string"),
	NasId:                                  pulumi.String("string"),
	NasIdType:                              pulumi.String("string"),
	NasIp:                                  pulumi.String("string"),
	PasswordEncoding:                       pulumi.String("string"),
	PasswordRenewal:                        pulumi.String("string"),
	RadiusCoa:                              pulumi.String("string"),
	RadiusPort:                             pulumi.Int(0),
	Rsso:                                   pulumi.String("string"),
	RssoContextTimeout:                     pulumi.Int(0),
	RssoEndpointAttribute:                  pulumi.String("string"),
	RssoEndpointBlockAttribute:             pulumi.String("string"),
	RssoEpOneIpOnly:                        pulumi.String("string"),
	RssoFlushIpSession:                     pulumi.String("string"),
	RssoLogFlags:                           pulumi.String("string"),
	RssoLogPeriod:                          pulumi.Int(0),
	RssoRadiusResponse:                     pulumi.String("string"),
	RssoRadiusServerPort:                   pulumi.Int(0),
	RssoSecret:                             pulumi.String("string"),
	RssoValidateRequestSecret:              pulumi.String("string"),
	SecondarySecret:                        pulumi.String("string"),
	SecondaryServer:                        pulumi.String("string"),
	Secret:                                 pulumi.String("string"),
	Server:                                 pulumi.String("string"),
	ServerIdentityCheck:                    pulumi.String("string"),
	SourceIp:                               pulumi.String("string"),
	SsoAttribute:                           pulumi.String("string"),
	SsoAttributeKey:                        pulumi.String("string"),
	SsoAttributeValueOverride:              pulumi.String("string"),
	StatusTtl:                              pulumi.Int(0),
	SwitchControllerAcctFastFramedipDetect: pulumi.Int(0),
	SwitchControllerNasIpDynamic:           pulumi.String("string"),
	SwitchControllerServiceType:            pulumi.String("string"),
	TertiarySecret:                         pulumi.String("string"),
	TertiaryServer:                         pulumi.String("string"),
	Timeout:                                pulumi.Int(0),
	TlsMinProtoVersion:                     pulumi.String("string"),
	TransportProtocol:                      pulumi.String("string"),
	UseManagementVdom:                      pulumi.String("string"),
	UsernameCaseSensitive:                  pulumi.String("string"),
	Vdomparam:                              pulumi.String("string"),
})
var radiusResource = new Radius("radiusResource", RadiusArgs.builder()
    .accountKeyCertField("string")
    .accountKeyProcessing("string")
    .accountingServers(RadiusAccountingServerArgs.builder()
        .id(0)
        .interface_("string")
        .interfaceSelectMethod("string")
        .port(0)
        .secret("string")
        .server("string")
        .sourceIp("string")
        .status("string")
        .build())
    .acctAllServers("string")
    .acctInterimInterval(0)
    .allUsergroup("string")
    .authType("string")
    .caCert("string")
    .callStationIdType("string")
    .classes(RadiusClassArgs.builder()
        .name("string")
        .build())
    .clientCert("string")
    .delimiter("string")
    .dynamicSortSubtable("string")
    .getAllTables("string")
    .groupOverrideAttrType("string")
    .h3cCompatibility("string")
    .interface_("string")
    .interfaceSelectMethod("string")
    .macCase("string")
    .macPasswordDelimiter("string")
    .macUsernameDelimiter("string")
    .name("string")
    .nasId("string")
    .nasIdType("string")
    .nasIp("string")
    .passwordEncoding("string")
    .passwordRenewal("string")
    .radiusCoa("string")
    .radiusPort(0)
    .rsso("string")
    .rssoContextTimeout(0)
    .rssoEndpointAttribute("string")
    .rssoEndpointBlockAttribute("string")
    .rssoEpOneIpOnly("string")
    .rssoFlushIpSession("string")
    .rssoLogFlags("string")
    .rssoLogPeriod(0)
    .rssoRadiusResponse("string")
    .rssoRadiusServerPort(0)
    .rssoSecret("string")
    .rssoValidateRequestSecret("string")
    .secondarySecret("string")
    .secondaryServer("string")
    .secret("string")
    .server("string")
    .serverIdentityCheck("string")
    .sourceIp("string")
    .ssoAttribute("string")
    .ssoAttributeKey("string")
    .ssoAttributeValueOverride("string")
    .statusTtl(0)
    .switchControllerAcctFastFramedipDetect(0)
    .switchControllerNasIpDynamic("string")
    .switchControllerServiceType("string")
    .tertiarySecret("string")
    .tertiaryServer("string")
    .timeout(0)
    .tlsMinProtoVersion("string")
    .transportProtocol("string")
    .useManagementVdom("string")
    .usernameCaseSensitive("string")
    .vdomparam("string")
    .build());
radius_resource = fortios.user.Radius("radiusResource",
    account_key_cert_field="string",
    account_key_processing="string",
    accounting_servers=[{
        "id": 0,
        "interface": "string",
        "interface_select_method": "string",
        "port": 0,
        "secret": "string",
        "server": "string",
        "source_ip": "string",
        "status": "string",
    }],
    acct_all_servers="string",
    acct_interim_interval=0,
    all_usergroup="string",
    auth_type="string",
    ca_cert="string",
    call_station_id_type="string",
    classes=[{
        "name": "string",
    }],
    client_cert="string",
    delimiter="string",
    dynamic_sort_subtable="string",
    get_all_tables="string",
    group_override_attr_type="string",
    h3c_compatibility="string",
    interface="string",
    interface_select_method="string",
    mac_case="string",
    mac_password_delimiter="string",
    mac_username_delimiter="string",
    name="string",
    nas_id="string",
    nas_id_type="string",
    nas_ip="string",
    password_encoding="string",
    password_renewal="string",
    radius_coa="string",
    radius_port=0,
    rsso="string",
    rsso_context_timeout=0,
    rsso_endpoint_attribute="string",
    rsso_endpoint_block_attribute="string",
    rsso_ep_one_ip_only="string",
    rsso_flush_ip_session="string",
    rsso_log_flags="string",
    rsso_log_period=0,
    rsso_radius_response="string",
    rsso_radius_server_port=0,
    rsso_secret="string",
    rsso_validate_request_secret="string",
    secondary_secret="string",
    secondary_server="string",
    secret="string",
    server="string",
    server_identity_check="string",
    source_ip="string",
    sso_attribute="string",
    sso_attribute_key="string",
    sso_attribute_value_override="string",
    status_ttl=0,
    switch_controller_acct_fast_framedip_detect=0,
    switch_controller_nas_ip_dynamic="string",
    switch_controller_service_type="string",
    tertiary_secret="string",
    tertiary_server="string",
    timeout=0,
    tls_min_proto_version="string",
    transport_protocol="string",
    use_management_vdom="string",
    username_case_sensitive="string",
    vdomparam="string")
const radiusResource = new fortios.user.Radius("radiusResource", {
    accountKeyCertField: "string",
    accountKeyProcessing: "string",
    accountingServers: [{
        id: 0,
        "interface": "string",
        interfaceSelectMethod: "string",
        port: 0,
        secret: "string",
        server: "string",
        sourceIp: "string",
        status: "string",
    }],
    acctAllServers: "string",
    acctInterimInterval: 0,
    allUsergroup: "string",
    authType: "string",
    caCert: "string",
    callStationIdType: "string",
    classes: [{
        name: "string",
    }],
    clientCert: "string",
    delimiter: "string",
    dynamicSortSubtable: "string",
    getAllTables: "string",
    groupOverrideAttrType: "string",
    h3cCompatibility: "string",
    "interface": "string",
    interfaceSelectMethod: "string",
    macCase: "string",
    macPasswordDelimiter: "string",
    macUsernameDelimiter: "string",
    name: "string",
    nasId: "string",
    nasIdType: "string",
    nasIp: "string",
    passwordEncoding: "string",
    passwordRenewal: "string",
    radiusCoa: "string",
    radiusPort: 0,
    rsso: "string",
    rssoContextTimeout: 0,
    rssoEndpointAttribute: "string",
    rssoEndpointBlockAttribute: "string",
    rssoEpOneIpOnly: "string",
    rssoFlushIpSession: "string",
    rssoLogFlags: "string",
    rssoLogPeriod: 0,
    rssoRadiusResponse: "string",
    rssoRadiusServerPort: 0,
    rssoSecret: "string",
    rssoValidateRequestSecret: "string",
    secondarySecret: "string",
    secondaryServer: "string",
    secret: "string",
    server: "string",
    serverIdentityCheck: "string",
    sourceIp: "string",
    ssoAttribute: "string",
    ssoAttributeKey: "string",
    ssoAttributeValueOverride: "string",
    statusTtl: 0,
    switchControllerAcctFastFramedipDetect: 0,
    switchControllerNasIpDynamic: "string",
    switchControllerServiceType: "string",
    tertiarySecret: "string",
    tertiaryServer: "string",
    timeout: 0,
    tlsMinProtoVersion: "string",
    transportProtocol: "string",
    useManagementVdom: "string",
    usernameCaseSensitive: "string",
    vdomparam: "string",
});
type: fortios:user:Radius
properties:
    accountKeyCertField: string
    accountKeyProcessing: string
    accountingServers:
        - id: 0
          interface: string
          interfaceSelectMethod: string
          port: 0
          secret: string
          server: string
          sourceIp: string
          status: string
    acctAllServers: string
    acctInterimInterval: 0
    allUsergroup: string
    authType: string
    caCert: string
    callStationIdType: string
    classes:
        - name: string
    clientCert: string
    delimiter: string
    dynamicSortSubtable: string
    getAllTables: string
    groupOverrideAttrType: string
    h3cCompatibility: string
    interface: string
    interfaceSelectMethod: string
    macCase: string
    macPasswordDelimiter: string
    macUsernameDelimiter: string
    name: string
    nasId: string
    nasIdType: string
    nasIp: string
    passwordEncoding: string
    passwordRenewal: string
    radiusCoa: string
    radiusPort: 0
    rsso: string
    rssoContextTimeout: 0
    rssoEndpointAttribute: string
    rssoEndpointBlockAttribute: string
    rssoEpOneIpOnly: string
    rssoFlushIpSession: string
    rssoLogFlags: string
    rssoLogPeriod: 0
    rssoRadiusResponse: string
    rssoRadiusServerPort: 0
    rssoSecret: string
    rssoValidateRequestSecret: string
    secondarySecret: string
    secondaryServer: string
    secret: string
    server: string
    serverIdentityCheck: string
    sourceIp: string
    ssoAttribute: string
    ssoAttributeKey: string
    ssoAttributeValueOverride: string
    statusTtl: 0
    switchControllerAcctFastFramedipDetect: 0
    switchControllerNasIpDynamic: string
    switchControllerServiceType: string
    tertiarySecret: string
    tertiaryServer: string
    timeout: 0
    tlsMinProtoVersion: string
    transportProtocol: string
    useManagementVdom: string
    usernameCaseSensitive: string
    vdomparam: string
Radius Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Radius resource accepts the following input properties:
- AccountKey stringCert Field 
- Define subject identity field in certificate for user access right checking.
- AccountKey stringProcessing 
- Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same,strip.
- AccountingServers List<Pulumiverse.Fortios. User. Inputs. Radius Accounting Server> 
- Additional accounting servers. The structure of accounting_serverblock is documented below.
- AcctAll stringServers 
- Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: enable,disable.
- AcctInterim intInterval 
- Time in seconds between each accounting interim update message.
- AllUsergroup string
- Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable,enable.
- AuthType string
- Authentication methods/protocols permitted for this RADIUS server. Valid values: auto,ms_chap_v2,ms_chap,chap,pap.
- CaCert string
- CA of server to trust under TLS.
- CallStation stringId Type 
- Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy,IP,MAC.
- Classes
List<Pulumiverse.Fortios. User. Inputs. Radius Class> 
- Class attribute name(s). The structure of classblock is documented below.
- ClientCert string
- Client certificate to use under TLS.
- Delimiter string
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values: plus,comma.
- DynamicSort stringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- GetAll stringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- GroupOverride stringAttr Type 
- RADIUS attribute type to override user group information. Valid values: filter-Id,class.
- H3cCompatibility string
- Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: enable,disable.
- Interface string
- Specify outgoing interface to reach server.
- InterfaceSelect stringMethod 
- Specify how to select outgoing interface to reach server. Valid values: auto,sdwan,specify.
- MacCase string
- MAC authentication case (default = lowercase). Valid values: uppercase,lowercase.
- MacPassword stringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacUsername stringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- Name string
- RADIUS server entry name.
- NasId string
- Custom NAS identifier.
- NasId stringType 
- NAS identifier type configuration (default = legacy). Valid values: legacy,custom,hostname.
- NasIp string
- IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- PasswordEncoding string
- Password encoding. Valid values: auto,ISO-8859-1.
- PasswordRenewal string
- Enable/disable password renewal. Valid values: enable,disable.
- RadiusCoa string
- Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: enable,disable.
- RadiusPort int
- RADIUS service port number.
- Rsso string
- Enable/disable RADIUS based single sign on feature. Valid values: enable,disable.
- RssoContext intTimeout 
- Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- RssoEndpoint stringAttribute 
- RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- RssoEndpoint stringBlock Attribute 
- RADIUS attributes used to block a user. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- RssoEp stringOne Ip Only 
- Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: enable,disable.
- RssoFlush stringIp Session 
- Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: enable,disable.
- RssoLog stringFlags 
- Events to log. Valid values: protocol-error,profile-missing,accounting-stop-missed,accounting-event,endpoint-block,radiusd-other,none.
- RssoLog intPeriod 
- Time interval in seconds that group event log messages will be generated for dynamic profile events.
- RssoRadius stringResponse 
- Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: enable,disable.
- RssoRadius intServer Port 
- UDP port to listen on for RADIUS Start and Stop records.
- RssoSecret string
- RADIUS secret used by the RADIUS accounting server.
- RssoValidate stringRequest Secret 
- Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: enable,disable.
- SecondarySecret string
- Secret key to access the secondary server.
- SecondaryServer string
- {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- Secret string
- Pre-shared secret key used to access the primary RADIUS server.
- Server string
- Primary RADIUS server CN domain name or IP address.
- ServerIdentity stringCheck 
- Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: enable,disable.
- SourceIp string
- Source IP address for communications to the RADIUS server.
- SsoAttribute string
- RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- SsoAttribute stringKey 
- Key prefix for SSO group value in the SSO attribute.
- SsoAttribute stringValue Override 
- Enable/disable override old attribute value with new value for the same endpoint. Valid values: enable,disable.
- StatusTtl int
- Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- SwitchController intAcct Fast Framedip Detect 
- Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- SwitchController stringNas Ip Dynamic 
- Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: enable,disable.
- SwitchController stringService Type 
- RADIUS service type. Valid values: login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative.
- TertiarySecret string
- Secret key to access the tertiary server.
- TertiaryServer string
- {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- Timeout int
- Time in seconds between re-sending authentication requests.
- TlsMin stringProto Version 
- Minimum supported protocol version for TLS connections (default is to follow system global setting).
- TransportProtocol string
- Transport protocol to be used (default = udp). Valid values: udp,tcp,tls.
- UseManagement stringVdom 
- Enable/disable using management VDOM to send requests. Valid values: enable,disable.
- UsernameCase stringSensitive 
- Enable/disable case sensitive user names. Valid values: enable,disable.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- AccountKey stringCert Field 
- Define subject identity field in certificate for user access right checking.
- AccountKey stringProcessing 
- Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same,strip.
- AccountingServers []RadiusAccounting Server Args 
- Additional accounting servers. The structure of accounting_serverblock is documented below.
- AcctAll stringServers 
- Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: enable,disable.
- AcctInterim intInterval 
- Time in seconds between each accounting interim update message.
- AllUsergroup string
- Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable,enable.
- AuthType string
- Authentication methods/protocols permitted for this RADIUS server. Valid values: auto,ms_chap_v2,ms_chap,chap,pap.
- CaCert string
- CA of server to trust under TLS.
- CallStation stringId Type 
- Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy,IP,MAC.
- Classes
[]RadiusClass Args 
- Class attribute name(s). The structure of classblock is documented below.
- ClientCert string
- Client certificate to use under TLS.
- Delimiter string
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values: plus,comma.
- DynamicSort stringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- GetAll stringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- GroupOverride stringAttr Type 
- RADIUS attribute type to override user group information. Valid values: filter-Id,class.
- H3cCompatibility string
- Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: enable,disable.
- Interface string
- Specify outgoing interface to reach server.
- InterfaceSelect stringMethod 
- Specify how to select outgoing interface to reach server. Valid values: auto,sdwan,specify.
- MacCase string
- MAC authentication case (default = lowercase). Valid values: uppercase,lowercase.
- MacPassword stringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacUsername stringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- Name string
- RADIUS server entry name.
- NasId string
- Custom NAS identifier.
- NasId stringType 
- NAS identifier type configuration (default = legacy). Valid values: legacy,custom,hostname.
- NasIp string
- IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- PasswordEncoding string
- Password encoding. Valid values: auto,ISO-8859-1.
- PasswordRenewal string
- Enable/disable password renewal. Valid values: enable,disable.
- RadiusCoa string
- Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: enable,disable.
- RadiusPort int
- RADIUS service port number.
- Rsso string
- Enable/disable RADIUS based single sign on feature. Valid values: enable,disable.
- RssoContext intTimeout 
- Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- RssoEndpoint stringAttribute 
- RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- RssoEndpoint stringBlock Attribute 
- RADIUS attributes used to block a user. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- RssoEp stringOne Ip Only 
- Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: enable,disable.
- RssoFlush stringIp Session 
- Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: enable,disable.
- RssoLog stringFlags 
- Events to log. Valid values: protocol-error,profile-missing,accounting-stop-missed,accounting-event,endpoint-block,radiusd-other,none.
- RssoLog intPeriod 
- Time interval in seconds that group event log messages will be generated for dynamic profile events.
- RssoRadius stringResponse 
- Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: enable,disable.
- RssoRadius intServer Port 
- UDP port to listen on for RADIUS Start and Stop records.
- RssoSecret string
- RADIUS secret used by the RADIUS accounting server.
- RssoValidate stringRequest Secret 
- Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: enable,disable.
- SecondarySecret string
- Secret key to access the secondary server.
- SecondaryServer string
- {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- Secret string
- Pre-shared secret key used to access the primary RADIUS server.
- Server string
- Primary RADIUS server CN domain name or IP address.
- ServerIdentity stringCheck 
- Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: enable,disable.
- SourceIp string
- Source IP address for communications to the RADIUS server.
- SsoAttribute string
- RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- SsoAttribute stringKey 
- Key prefix for SSO group value in the SSO attribute.
- SsoAttribute stringValue Override 
- Enable/disable override old attribute value with new value for the same endpoint. Valid values: enable,disable.
- StatusTtl int
- Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- SwitchController intAcct Fast Framedip Detect 
- Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- SwitchController stringNas Ip Dynamic 
- Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: enable,disable.
- SwitchController stringService Type 
- RADIUS service type. Valid values: login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative.
- TertiarySecret string
- Secret key to access the tertiary server.
- TertiaryServer string
- {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- Timeout int
- Time in seconds between re-sending authentication requests.
- TlsMin stringProto Version 
- Minimum supported protocol version for TLS connections (default is to follow system global setting).
- TransportProtocol string
- Transport protocol to be used (default = udp). Valid values: udp,tcp,tls.
- UseManagement stringVdom 
- Enable/disable using management VDOM to send requests. Valid values: enable,disable.
- UsernameCase stringSensitive 
- Enable/disable case sensitive user names. Valid values: enable,disable.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- accountKey StringCert Field 
- Define subject identity field in certificate for user access right checking.
- accountKey StringProcessing 
- Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same,strip.
- accountingServers List<RadiusAccounting Server> 
- Additional accounting servers. The structure of accounting_serverblock is documented below.
- acctAll StringServers 
- Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: enable,disable.
- acctInterim IntegerInterval 
- Time in seconds between each accounting interim update message.
- allUsergroup String
- Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable,enable.
- authType String
- Authentication methods/protocols permitted for this RADIUS server. Valid values: auto,ms_chap_v2,ms_chap,chap,pap.
- caCert String
- CA of server to trust under TLS.
- callStation StringId Type 
- Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy,IP,MAC.
- classes
List<RadiusClass> 
- Class attribute name(s). The structure of classblock is documented below.
- clientCert String
- Client certificate to use under TLS.
- delimiter String
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values: plus,comma.
- dynamicSort StringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- getAll StringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- groupOverride StringAttr Type 
- RADIUS attribute type to override user group information. Valid values: filter-Id,class.
- h3cCompatibility String
- Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: enable,disable.
- interfaceSelect StringMethod 
- Specify how to select outgoing interface to reach server. Valid values: auto,sdwan,specify.
- interface_ String
- Specify outgoing interface to reach server.
- macCase String
- MAC authentication case (default = lowercase). Valid values: uppercase,lowercase.
- macPassword StringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macUsername StringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- name String
- RADIUS server entry name.
- nasId String
- Custom NAS identifier.
- nasId StringType 
- NAS identifier type configuration (default = legacy). Valid values: legacy,custom,hostname.
- nasIp String
- IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- passwordEncoding String
- Password encoding. Valid values: auto,ISO-8859-1.
- passwordRenewal String
- Enable/disable password renewal. Valid values: enable,disable.
- radiusCoa String
- Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: enable,disable.
- radiusPort Integer
- RADIUS service port number.
- rsso String
- Enable/disable RADIUS based single sign on feature. Valid values: enable,disable.
- rssoContext IntegerTimeout 
- Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rssoEndpoint StringAttribute 
- RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- rssoEndpoint StringBlock Attribute 
- RADIUS attributes used to block a user. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- rssoEp StringOne Ip Only 
- Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: enable,disable.
- rssoFlush StringIp Session 
- Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: enable,disable.
- rssoLog StringFlags 
- Events to log. Valid values: protocol-error,profile-missing,accounting-stop-missed,accounting-event,endpoint-block,radiusd-other,none.
- rssoLog IntegerPeriod 
- Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rssoRadius StringResponse 
- Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: enable,disable.
- rssoRadius IntegerServer Port 
- UDP port to listen on for RADIUS Start and Stop records.
- rssoSecret String
- RADIUS secret used by the RADIUS accounting server.
- rssoValidate StringRequest Secret 
- Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: enable,disable.
- secondarySecret String
- Secret key to access the secondary server.
- secondaryServer String
- {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secret String
- Pre-shared secret key used to access the primary RADIUS server.
- server String
- Primary RADIUS server CN domain name or IP address.
- serverIdentity StringCheck 
- Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: enable,disable.
- sourceIp String
- Source IP address for communications to the RADIUS server.
- ssoAttribute String
- RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- ssoAttribute StringKey 
- Key prefix for SSO group value in the SSO attribute.
- ssoAttribute StringValue Override 
- Enable/disable override old attribute value with new value for the same endpoint. Valid values: enable,disable.
- statusTtl Integer
- Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switchController IntegerAcct Fast Framedip Detect 
- Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- switchController StringNas Ip Dynamic 
- Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: enable,disable.
- switchController StringService Type 
- RADIUS service type. Valid values: login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative.
- tertiarySecret String
- Secret key to access the tertiary server.
- tertiaryServer String
- {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout Integer
- Time in seconds between re-sending authentication requests.
- tlsMin StringProto Version 
- Minimum supported protocol version for TLS connections (default is to follow system global setting).
- transportProtocol String
- Transport protocol to be used (default = udp). Valid values: udp,tcp,tls.
- useManagement StringVdom 
- Enable/disable using management VDOM to send requests. Valid values: enable,disable.
- usernameCase StringSensitive 
- Enable/disable case sensitive user names. Valid values: enable,disable.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- accountKey stringCert Field 
- Define subject identity field in certificate for user access right checking.
- accountKey stringProcessing 
- Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same,strip.
- accountingServers RadiusAccounting Server[] 
- Additional accounting servers. The structure of accounting_serverblock is documented below.
- acctAll stringServers 
- Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: enable,disable.
- acctInterim numberInterval 
- Time in seconds between each accounting interim update message.
- allUsergroup string
- Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable,enable.
- authType string
- Authentication methods/protocols permitted for this RADIUS server. Valid values: auto,ms_chap_v2,ms_chap,chap,pap.
- caCert string
- CA of server to trust under TLS.
- callStation stringId Type 
- Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy,IP,MAC.
- classes
RadiusClass[] 
- Class attribute name(s). The structure of classblock is documented below.
- clientCert string
- Client certificate to use under TLS.
- delimiter string
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values: plus,comma.
- dynamicSort stringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- getAll stringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- groupOverride stringAttr Type 
- RADIUS attribute type to override user group information. Valid values: filter-Id,class.
- h3cCompatibility string
- Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: enable,disable.
- interface string
- Specify outgoing interface to reach server.
- interfaceSelect stringMethod 
- Specify how to select outgoing interface to reach server. Valid values: auto,sdwan,specify.
- macCase string
- MAC authentication case (default = lowercase). Valid values: uppercase,lowercase.
- macPassword stringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macUsername stringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- name string
- RADIUS server entry name.
- nasId string
- Custom NAS identifier.
- nasId stringType 
- NAS identifier type configuration (default = legacy). Valid values: legacy,custom,hostname.
- nasIp string
- IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- passwordEncoding string
- Password encoding. Valid values: auto,ISO-8859-1.
- passwordRenewal string
- Enable/disable password renewal. Valid values: enable,disable.
- radiusCoa string
- Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: enable,disable.
- radiusPort number
- RADIUS service port number.
- rsso string
- Enable/disable RADIUS based single sign on feature. Valid values: enable,disable.
- rssoContext numberTimeout 
- Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rssoEndpoint stringAttribute 
- RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- rssoEndpoint stringBlock Attribute 
- RADIUS attributes used to block a user. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- rssoEp stringOne Ip Only 
- Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: enable,disable.
- rssoFlush stringIp Session 
- Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: enable,disable.
- rssoLog stringFlags 
- Events to log. Valid values: protocol-error,profile-missing,accounting-stop-missed,accounting-event,endpoint-block,radiusd-other,none.
- rssoLog numberPeriod 
- Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rssoRadius stringResponse 
- Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: enable,disable.
- rssoRadius numberServer Port 
- UDP port to listen on for RADIUS Start and Stop records.
- rssoSecret string
- RADIUS secret used by the RADIUS accounting server.
- rssoValidate stringRequest Secret 
- Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: enable,disable.
- secondarySecret string
- Secret key to access the secondary server.
- secondaryServer string
- {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secret string
- Pre-shared secret key used to access the primary RADIUS server.
- server string
- Primary RADIUS server CN domain name or IP address.
- serverIdentity stringCheck 
- Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: enable,disable.
- sourceIp string
- Source IP address for communications to the RADIUS server.
- ssoAttribute string
- RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- ssoAttribute stringKey 
- Key prefix for SSO group value in the SSO attribute.
- ssoAttribute stringValue Override 
- Enable/disable override old attribute value with new value for the same endpoint. Valid values: enable,disable.
- statusTtl number
- Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switchController numberAcct Fast Framedip Detect 
- Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- switchController stringNas Ip Dynamic 
- Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: enable,disable.
- switchController stringService Type 
- RADIUS service type. Valid values: login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative.
- tertiarySecret string
- Secret key to access the tertiary server.
- tertiaryServer string
- {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout number
- Time in seconds between re-sending authentication requests.
- tlsMin stringProto Version 
- Minimum supported protocol version for TLS connections (default is to follow system global setting).
- transportProtocol string
- Transport protocol to be used (default = udp). Valid values: udp,tcp,tls.
- useManagement stringVdom 
- Enable/disable using management VDOM to send requests. Valid values: enable,disable.
- usernameCase stringSensitive 
- Enable/disable case sensitive user names. Valid values: enable,disable.
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- account_key_ strcert_ field 
- Define subject identity field in certificate for user access right checking.
- account_key_ strprocessing 
- Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same,strip.
- accounting_servers Sequence[RadiusAccounting Server Args] 
- Additional accounting servers. The structure of accounting_serverblock is documented below.
- acct_all_ strservers 
- Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: enable,disable.
- acct_interim_ intinterval 
- Time in seconds between each accounting interim update message.
- all_usergroup str
- Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable,enable.
- auth_type str
- Authentication methods/protocols permitted for this RADIUS server. Valid values: auto,ms_chap_v2,ms_chap,chap,pap.
- ca_cert str
- CA of server to trust under TLS.
- call_station_ strid_ type 
- Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy,IP,MAC.
- classes
Sequence[RadiusClass Args] 
- Class attribute name(s). The structure of classblock is documented below.
- client_cert str
- Client certificate to use under TLS.
- delimiter str
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values: plus,comma.
- dynamic_sort_ strsubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- get_all_ strtables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- group_override_ strattr_ type 
- RADIUS attribute type to override user group information. Valid values: filter-Id,class.
- h3c_compatibility str
- Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: enable,disable.
- interface str
- Specify outgoing interface to reach server.
- interface_select_ strmethod 
- Specify how to select outgoing interface to reach server. Valid values: auto,sdwan,specify.
- mac_case str
- MAC authentication case (default = lowercase). Valid values: uppercase,lowercase.
- mac_password_ strdelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- mac_username_ strdelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- name str
- RADIUS server entry name.
- nas_id str
- Custom NAS identifier.
- nas_id_ strtype 
- NAS identifier type configuration (default = legacy). Valid values: legacy,custom,hostname.
- nas_ip str
- IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- password_encoding str
- Password encoding. Valid values: auto,ISO-8859-1.
- password_renewal str
- Enable/disable password renewal. Valid values: enable,disable.
- radius_coa str
- Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: enable,disable.
- radius_port int
- RADIUS service port number.
- rsso str
- Enable/disable RADIUS based single sign on feature. Valid values: enable,disable.
- rsso_context_ inttimeout 
- Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rsso_endpoint_ strattribute 
- RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- rsso_endpoint_ strblock_ attribute 
- RADIUS attributes used to block a user. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- rsso_ep_ strone_ ip_ only 
- Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: enable,disable.
- rsso_flush_ strip_ session 
- Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: enable,disable.
- rsso_log_ strflags 
- Events to log. Valid values: protocol-error,profile-missing,accounting-stop-missed,accounting-event,endpoint-block,radiusd-other,none.
- rsso_log_ intperiod 
- Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rsso_radius_ strresponse 
- Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: enable,disable.
- rsso_radius_ intserver_ port 
- UDP port to listen on for RADIUS Start and Stop records.
- rsso_secret str
- RADIUS secret used by the RADIUS accounting server.
- rsso_validate_ strrequest_ secret 
- Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: enable,disable.
- secondary_secret str
- Secret key to access the secondary server.
- secondary_server str
- {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secret str
- Pre-shared secret key used to access the primary RADIUS server.
- server str
- Primary RADIUS server CN domain name or IP address.
- server_identity_ strcheck 
- Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: enable,disable.
- source_ip str
- Source IP address for communications to the RADIUS server.
- sso_attribute str
- RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- sso_attribute_ strkey 
- Key prefix for SSO group value in the SSO attribute.
- sso_attribute_ strvalue_ override 
- Enable/disable override old attribute value with new value for the same endpoint. Valid values: enable,disable.
- status_ttl int
- Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switch_controller_ intacct_ fast_ framedip_ detect 
- Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- switch_controller_ strnas_ ip_ dynamic 
- Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: enable,disable.
- switch_controller_ strservice_ type 
- RADIUS service type. Valid values: login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative.
- tertiary_secret str
- Secret key to access the tertiary server.
- tertiary_server str
- {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout int
- Time in seconds between re-sending authentication requests.
- tls_min_ strproto_ version 
- Minimum supported protocol version for TLS connections (default is to follow system global setting).
- transport_protocol str
- Transport protocol to be used (default = udp). Valid values: udp,tcp,tls.
- use_management_ strvdom 
- Enable/disable using management VDOM to send requests. Valid values: enable,disable.
- username_case_ strsensitive 
- Enable/disable case sensitive user names. Valid values: enable,disable.
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- accountKey StringCert Field 
- Define subject identity field in certificate for user access right checking.
- accountKey StringProcessing 
- Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same,strip.
- accountingServers List<Property Map>
- Additional accounting servers. The structure of accounting_serverblock is documented below.
- acctAll StringServers 
- Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: enable,disable.
- acctInterim NumberInterval 
- Time in seconds between each accounting interim update message.
- allUsergroup String
- Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable,enable.
- authType String
- Authentication methods/protocols permitted for this RADIUS server. Valid values: auto,ms_chap_v2,ms_chap,chap,pap.
- caCert String
- CA of server to trust under TLS.
- callStation StringId Type 
- Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy,IP,MAC.
- classes List<Property Map>
- Class attribute name(s). The structure of classblock is documented below.
- clientCert String
- Client certificate to use under TLS.
- delimiter String
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values: plus,comma.
- dynamicSort StringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- getAll StringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- groupOverride StringAttr Type 
- RADIUS attribute type to override user group information. Valid values: filter-Id,class.
- h3cCompatibility String
- Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: enable,disable.
- interface String
- Specify outgoing interface to reach server.
- interfaceSelect StringMethod 
- Specify how to select outgoing interface to reach server. Valid values: auto,sdwan,specify.
- macCase String
- MAC authentication case (default = lowercase). Valid values: uppercase,lowercase.
- macPassword StringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macUsername StringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- name String
- RADIUS server entry name.
- nasId String
- Custom NAS identifier.
- nasId StringType 
- NAS identifier type configuration (default = legacy). Valid values: legacy,custom,hostname.
- nasIp String
- IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- passwordEncoding String
- Password encoding. Valid values: auto,ISO-8859-1.
- passwordRenewal String
- Enable/disable password renewal. Valid values: enable,disable.
- radiusCoa String
- Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: enable,disable.
- radiusPort Number
- RADIUS service port number.
- rsso String
- Enable/disable RADIUS based single sign on feature. Valid values: enable,disable.
- rssoContext NumberTimeout 
- Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rssoEndpoint StringAttribute 
- RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- rssoEndpoint StringBlock Attribute 
- RADIUS attributes used to block a user. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- rssoEp StringOne Ip Only 
- Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: enable,disable.
- rssoFlush StringIp Session 
- Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: enable,disable.
- rssoLog StringFlags 
- Events to log. Valid values: protocol-error,profile-missing,accounting-stop-missed,accounting-event,endpoint-block,radiusd-other,none.
- rssoLog NumberPeriod 
- Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rssoRadius StringResponse 
- Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: enable,disable.
- rssoRadius NumberServer Port 
- UDP port to listen on for RADIUS Start and Stop records.
- rssoSecret String
- RADIUS secret used by the RADIUS accounting server.
- rssoValidate StringRequest Secret 
- Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: enable,disable.
- secondarySecret String
- Secret key to access the secondary server.
- secondaryServer String
- {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secret String
- Pre-shared secret key used to access the primary RADIUS server.
- server String
- Primary RADIUS server CN domain name or IP address.
- serverIdentity StringCheck 
- Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: enable,disable.
- sourceIp String
- Source IP address for communications to the RADIUS server.
- ssoAttribute String
- RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- ssoAttribute StringKey 
- Key prefix for SSO group value in the SSO attribute.
- ssoAttribute StringValue Override 
- Enable/disable override old attribute value with new value for the same endpoint. Valid values: enable,disable.
- statusTtl Number
- Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switchController NumberAcct Fast Framedip Detect 
- Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- switchController StringNas Ip Dynamic 
- Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: enable,disable.
- switchController StringService Type 
- RADIUS service type. Valid values: login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative.
- tertiarySecret String
- Secret key to access the tertiary server.
- tertiaryServer String
- {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout Number
- Time in seconds between re-sending authentication requests.
- tlsMin StringProto Version 
- Minimum supported protocol version for TLS connections (default is to follow system global setting).
- transportProtocol String
- Transport protocol to be used (default = udp). Valid values: udp,tcp,tls.
- useManagement StringVdom 
- Enable/disable using management VDOM to send requests. Valid values: enable,disable.
- usernameCase StringSensitive 
- Enable/disable case sensitive user names. Valid values: enable,disable.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
Outputs
All input properties are implicitly available as output properties. Additionally, the Radius resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Radius Resource
Get an existing Radius resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RadiusState, opts?: CustomResourceOptions): Radius@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        account_key_cert_field: Optional[str] = None,
        account_key_processing: Optional[str] = None,
        accounting_servers: Optional[Sequence[RadiusAccountingServerArgs]] = None,
        acct_all_servers: Optional[str] = None,
        acct_interim_interval: Optional[int] = None,
        all_usergroup: Optional[str] = None,
        auth_type: Optional[str] = None,
        ca_cert: Optional[str] = None,
        call_station_id_type: Optional[str] = None,
        classes: Optional[Sequence[RadiusClassArgs]] = None,
        client_cert: Optional[str] = None,
        delimiter: Optional[str] = None,
        dynamic_sort_subtable: Optional[str] = None,
        get_all_tables: Optional[str] = None,
        group_override_attr_type: Optional[str] = None,
        h3c_compatibility: Optional[str] = None,
        interface: Optional[str] = None,
        interface_select_method: Optional[str] = None,
        mac_case: Optional[str] = None,
        mac_password_delimiter: Optional[str] = None,
        mac_username_delimiter: Optional[str] = None,
        name: Optional[str] = None,
        nas_id: Optional[str] = None,
        nas_id_type: Optional[str] = None,
        nas_ip: Optional[str] = None,
        password_encoding: Optional[str] = None,
        password_renewal: Optional[str] = None,
        radius_coa: Optional[str] = None,
        radius_port: Optional[int] = None,
        rsso: Optional[str] = None,
        rsso_context_timeout: Optional[int] = None,
        rsso_endpoint_attribute: Optional[str] = None,
        rsso_endpoint_block_attribute: Optional[str] = None,
        rsso_ep_one_ip_only: Optional[str] = None,
        rsso_flush_ip_session: Optional[str] = None,
        rsso_log_flags: Optional[str] = None,
        rsso_log_period: Optional[int] = None,
        rsso_radius_response: Optional[str] = None,
        rsso_radius_server_port: Optional[int] = None,
        rsso_secret: Optional[str] = None,
        rsso_validate_request_secret: Optional[str] = None,
        secondary_secret: Optional[str] = None,
        secondary_server: Optional[str] = None,
        secret: Optional[str] = None,
        server: Optional[str] = None,
        server_identity_check: Optional[str] = None,
        source_ip: Optional[str] = None,
        sso_attribute: Optional[str] = None,
        sso_attribute_key: Optional[str] = None,
        sso_attribute_value_override: Optional[str] = None,
        status_ttl: Optional[int] = None,
        switch_controller_acct_fast_framedip_detect: Optional[int] = None,
        switch_controller_nas_ip_dynamic: Optional[str] = None,
        switch_controller_service_type: Optional[str] = None,
        tertiary_secret: Optional[str] = None,
        tertiary_server: Optional[str] = None,
        timeout: Optional[int] = None,
        tls_min_proto_version: Optional[str] = None,
        transport_protocol: Optional[str] = None,
        use_management_vdom: Optional[str] = None,
        username_case_sensitive: Optional[str] = None,
        vdomparam: Optional[str] = None) -> Radiusfunc GetRadius(ctx *Context, name string, id IDInput, state *RadiusState, opts ...ResourceOption) (*Radius, error)public static Radius Get(string name, Input<string> id, RadiusState? state, CustomResourceOptions? opts = null)public static Radius get(String name, Output<String> id, RadiusState state, CustomResourceOptions options)resources:  _:    type: fortios:user:Radius    get:      id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AccountKey stringCert Field 
- Define subject identity field in certificate for user access right checking.
- AccountKey stringProcessing 
- Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same,strip.
- AccountingServers List<Pulumiverse.Fortios. User. Inputs. Radius Accounting Server> 
- Additional accounting servers. The structure of accounting_serverblock is documented below.
- AcctAll stringServers 
- Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: enable,disable.
- AcctInterim intInterval 
- Time in seconds between each accounting interim update message.
- AllUsergroup string
- Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable,enable.
- AuthType string
- Authentication methods/protocols permitted for this RADIUS server. Valid values: auto,ms_chap_v2,ms_chap,chap,pap.
- CaCert string
- CA of server to trust under TLS.
- CallStation stringId Type 
- Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy,IP,MAC.
- Classes
List<Pulumiverse.Fortios. User. Inputs. Radius Class> 
- Class attribute name(s). The structure of classblock is documented below.
- ClientCert string
- Client certificate to use under TLS.
- Delimiter string
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values: plus,comma.
- DynamicSort stringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- GetAll stringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- GroupOverride stringAttr Type 
- RADIUS attribute type to override user group information. Valid values: filter-Id,class.
- H3cCompatibility string
- Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: enable,disable.
- Interface string
- Specify outgoing interface to reach server.
- InterfaceSelect stringMethod 
- Specify how to select outgoing interface to reach server. Valid values: auto,sdwan,specify.
- MacCase string
- MAC authentication case (default = lowercase). Valid values: uppercase,lowercase.
- MacPassword stringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacUsername stringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- Name string
- RADIUS server entry name.
- NasId string
- Custom NAS identifier.
- NasId stringType 
- NAS identifier type configuration (default = legacy). Valid values: legacy,custom,hostname.
- NasIp string
- IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- PasswordEncoding string
- Password encoding. Valid values: auto,ISO-8859-1.
- PasswordRenewal string
- Enable/disable password renewal. Valid values: enable,disable.
- RadiusCoa string
- Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: enable,disable.
- RadiusPort int
- RADIUS service port number.
- Rsso string
- Enable/disable RADIUS based single sign on feature. Valid values: enable,disable.
- RssoContext intTimeout 
- Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- RssoEndpoint stringAttribute 
- RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- RssoEndpoint stringBlock Attribute 
- RADIUS attributes used to block a user. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- RssoEp stringOne Ip Only 
- Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: enable,disable.
- RssoFlush stringIp Session 
- Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: enable,disable.
- RssoLog stringFlags 
- Events to log. Valid values: protocol-error,profile-missing,accounting-stop-missed,accounting-event,endpoint-block,radiusd-other,none.
- RssoLog intPeriod 
- Time interval in seconds that group event log messages will be generated for dynamic profile events.
- RssoRadius stringResponse 
- Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: enable,disable.
- RssoRadius intServer Port 
- UDP port to listen on for RADIUS Start and Stop records.
- RssoSecret string
- RADIUS secret used by the RADIUS accounting server.
- RssoValidate stringRequest Secret 
- Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: enable,disable.
- SecondarySecret string
- Secret key to access the secondary server.
- SecondaryServer string
- {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- Secret string
- Pre-shared secret key used to access the primary RADIUS server.
- Server string
- Primary RADIUS server CN domain name or IP address.
- ServerIdentity stringCheck 
- Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: enable,disable.
- SourceIp string
- Source IP address for communications to the RADIUS server.
- SsoAttribute string
- RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- SsoAttribute stringKey 
- Key prefix for SSO group value in the SSO attribute.
- SsoAttribute stringValue Override 
- Enable/disable override old attribute value with new value for the same endpoint. Valid values: enable,disable.
- StatusTtl int
- Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- SwitchController intAcct Fast Framedip Detect 
- Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- SwitchController stringNas Ip Dynamic 
- Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: enable,disable.
- SwitchController stringService Type 
- RADIUS service type. Valid values: login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative.
- TertiarySecret string
- Secret key to access the tertiary server.
- TertiaryServer string
- {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- Timeout int
- Time in seconds between re-sending authentication requests.
- TlsMin stringProto Version 
- Minimum supported protocol version for TLS connections (default is to follow system global setting).
- TransportProtocol string
- Transport protocol to be used (default = udp). Valid values: udp,tcp,tls.
- UseManagement stringVdom 
- Enable/disable using management VDOM to send requests. Valid values: enable,disable.
- UsernameCase stringSensitive 
- Enable/disable case sensitive user names. Valid values: enable,disable.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- AccountKey stringCert Field 
- Define subject identity field in certificate for user access right checking.
- AccountKey stringProcessing 
- Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same,strip.
- AccountingServers []RadiusAccounting Server Args 
- Additional accounting servers. The structure of accounting_serverblock is documented below.
- AcctAll stringServers 
- Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: enable,disable.
- AcctInterim intInterval 
- Time in seconds between each accounting interim update message.
- AllUsergroup string
- Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable,enable.
- AuthType string
- Authentication methods/protocols permitted for this RADIUS server. Valid values: auto,ms_chap_v2,ms_chap,chap,pap.
- CaCert string
- CA of server to trust under TLS.
- CallStation stringId Type 
- Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy,IP,MAC.
- Classes
[]RadiusClass Args 
- Class attribute name(s). The structure of classblock is documented below.
- ClientCert string
- Client certificate to use under TLS.
- Delimiter string
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values: plus,comma.
- DynamicSort stringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- GetAll stringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- GroupOverride stringAttr Type 
- RADIUS attribute type to override user group information. Valid values: filter-Id,class.
- H3cCompatibility string
- Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: enable,disable.
- Interface string
- Specify outgoing interface to reach server.
- InterfaceSelect stringMethod 
- Specify how to select outgoing interface to reach server. Valid values: auto,sdwan,specify.
- MacCase string
- MAC authentication case (default = lowercase). Valid values: uppercase,lowercase.
- MacPassword stringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacUsername stringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- Name string
- RADIUS server entry name.
- NasId string
- Custom NAS identifier.
- NasId stringType 
- NAS identifier type configuration (default = legacy). Valid values: legacy,custom,hostname.
- NasIp string
- IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- PasswordEncoding string
- Password encoding. Valid values: auto,ISO-8859-1.
- PasswordRenewal string
- Enable/disable password renewal. Valid values: enable,disable.
- RadiusCoa string
- Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: enable,disable.
- RadiusPort int
- RADIUS service port number.
- Rsso string
- Enable/disable RADIUS based single sign on feature. Valid values: enable,disable.
- RssoContext intTimeout 
- Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- RssoEndpoint stringAttribute 
- RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- RssoEndpoint stringBlock Attribute 
- RADIUS attributes used to block a user. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- RssoEp stringOne Ip Only 
- Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: enable,disable.
- RssoFlush stringIp Session 
- Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: enable,disable.
- RssoLog stringFlags 
- Events to log. Valid values: protocol-error,profile-missing,accounting-stop-missed,accounting-event,endpoint-block,radiusd-other,none.
- RssoLog intPeriod 
- Time interval in seconds that group event log messages will be generated for dynamic profile events.
- RssoRadius stringResponse 
- Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: enable,disable.
- RssoRadius intServer Port 
- UDP port to listen on for RADIUS Start and Stop records.
- RssoSecret string
- RADIUS secret used by the RADIUS accounting server.
- RssoValidate stringRequest Secret 
- Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: enable,disable.
- SecondarySecret string
- Secret key to access the secondary server.
- SecondaryServer string
- {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- Secret string
- Pre-shared secret key used to access the primary RADIUS server.
- Server string
- Primary RADIUS server CN domain name or IP address.
- ServerIdentity stringCheck 
- Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: enable,disable.
- SourceIp string
- Source IP address for communications to the RADIUS server.
- SsoAttribute string
- RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- SsoAttribute stringKey 
- Key prefix for SSO group value in the SSO attribute.
- SsoAttribute stringValue Override 
- Enable/disable override old attribute value with new value for the same endpoint. Valid values: enable,disable.
- StatusTtl int
- Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- SwitchController intAcct Fast Framedip Detect 
- Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- SwitchController stringNas Ip Dynamic 
- Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: enable,disable.
- SwitchController stringService Type 
- RADIUS service type. Valid values: login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative.
- TertiarySecret string
- Secret key to access the tertiary server.
- TertiaryServer string
- {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- Timeout int
- Time in seconds between re-sending authentication requests.
- TlsMin stringProto Version 
- Minimum supported protocol version for TLS connections (default is to follow system global setting).
- TransportProtocol string
- Transport protocol to be used (default = udp). Valid values: udp,tcp,tls.
- UseManagement stringVdom 
- Enable/disable using management VDOM to send requests. Valid values: enable,disable.
- UsernameCase stringSensitive 
- Enable/disable case sensitive user names. Valid values: enable,disable.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- accountKey StringCert Field 
- Define subject identity field in certificate for user access right checking.
- accountKey StringProcessing 
- Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same,strip.
- accountingServers List<RadiusAccounting Server> 
- Additional accounting servers. The structure of accounting_serverblock is documented below.
- acctAll StringServers 
- Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: enable,disable.
- acctInterim IntegerInterval 
- Time in seconds between each accounting interim update message.
- allUsergroup String
- Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable,enable.
- authType String
- Authentication methods/protocols permitted for this RADIUS server. Valid values: auto,ms_chap_v2,ms_chap,chap,pap.
- caCert String
- CA of server to trust under TLS.
- callStation StringId Type 
- Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy,IP,MAC.
- classes
List<RadiusClass> 
- Class attribute name(s). The structure of classblock is documented below.
- clientCert String
- Client certificate to use under TLS.
- delimiter String
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values: plus,comma.
- dynamicSort StringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- getAll StringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- groupOverride StringAttr Type 
- RADIUS attribute type to override user group information. Valid values: filter-Id,class.
- h3cCompatibility String
- Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: enable,disable.
- interfaceSelect StringMethod 
- Specify how to select outgoing interface to reach server. Valid values: auto,sdwan,specify.
- interface_ String
- Specify outgoing interface to reach server.
- macCase String
- MAC authentication case (default = lowercase). Valid values: uppercase,lowercase.
- macPassword StringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macUsername StringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- name String
- RADIUS server entry name.
- nasId String
- Custom NAS identifier.
- nasId StringType 
- NAS identifier type configuration (default = legacy). Valid values: legacy,custom,hostname.
- nasIp String
- IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- passwordEncoding String
- Password encoding. Valid values: auto,ISO-8859-1.
- passwordRenewal String
- Enable/disable password renewal. Valid values: enable,disable.
- radiusCoa String
- Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: enable,disable.
- radiusPort Integer
- RADIUS service port number.
- rsso String
- Enable/disable RADIUS based single sign on feature. Valid values: enable,disable.
- rssoContext IntegerTimeout 
- Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rssoEndpoint StringAttribute 
- RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- rssoEndpoint StringBlock Attribute 
- RADIUS attributes used to block a user. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- rssoEp StringOne Ip Only 
- Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: enable,disable.
- rssoFlush StringIp Session 
- Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: enable,disable.
- rssoLog StringFlags 
- Events to log. Valid values: protocol-error,profile-missing,accounting-stop-missed,accounting-event,endpoint-block,radiusd-other,none.
- rssoLog IntegerPeriod 
- Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rssoRadius StringResponse 
- Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: enable,disable.
- rssoRadius IntegerServer Port 
- UDP port to listen on for RADIUS Start and Stop records.
- rssoSecret String
- RADIUS secret used by the RADIUS accounting server.
- rssoValidate StringRequest Secret 
- Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: enable,disable.
- secondarySecret String
- Secret key to access the secondary server.
- secondaryServer String
- {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secret String
- Pre-shared secret key used to access the primary RADIUS server.
- server String
- Primary RADIUS server CN domain name or IP address.
- serverIdentity StringCheck 
- Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: enable,disable.
- sourceIp String
- Source IP address for communications to the RADIUS server.
- ssoAttribute String
- RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- ssoAttribute StringKey 
- Key prefix for SSO group value in the SSO attribute.
- ssoAttribute StringValue Override 
- Enable/disable override old attribute value with new value for the same endpoint. Valid values: enable,disable.
- statusTtl Integer
- Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switchController IntegerAcct Fast Framedip Detect 
- Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- switchController StringNas Ip Dynamic 
- Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: enable,disable.
- switchController StringService Type 
- RADIUS service type. Valid values: login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative.
- tertiarySecret String
- Secret key to access the tertiary server.
- tertiaryServer String
- {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout Integer
- Time in seconds between re-sending authentication requests.
- tlsMin StringProto Version 
- Minimum supported protocol version for TLS connections (default is to follow system global setting).
- transportProtocol String
- Transport protocol to be used (default = udp). Valid values: udp,tcp,tls.
- useManagement StringVdom 
- Enable/disable using management VDOM to send requests. Valid values: enable,disable.
- usernameCase StringSensitive 
- Enable/disable case sensitive user names. Valid values: enable,disable.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- accountKey stringCert Field 
- Define subject identity field in certificate for user access right checking.
- accountKey stringProcessing 
- Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same,strip.
- accountingServers RadiusAccounting Server[] 
- Additional accounting servers. The structure of accounting_serverblock is documented below.
- acctAll stringServers 
- Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: enable,disable.
- acctInterim numberInterval 
- Time in seconds between each accounting interim update message.
- allUsergroup string
- Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable,enable.
- authType string
- Authentication methods/protocols permitted for this RADIUS server. Valid values: auto,ms_chap_v2,ms_chap,chap,pap.
- caCert string
- CA of server to trust under TLS.
- callStation stringId Type 
- Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy,IP,MAC.
- classes
RadiusClass[] 
- Class attribute name(s). The structure of classblock is documented below.
- clientCert string
- Client certificate to use under TLS.
- delimiter string
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values: plus,comma.
- dynamicSort stringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- getAll stringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- groupOverride stringAttr Type 
- RADIUS attribute type to override user group information. Valid values: filter-Id,class.
- h3cCompatibility string
- Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: enable,disable.
- interface string
- Specify outgoing interface to reach server.
- interfaceSelect stringMethod 
- Specify how to select outgoing interface to reach server. Valid values: auto,sdwan,specify.
- macCase string
- MAC authentication case (default = lowercase). Valid values: uppercase,lowercase.
- macPassword stringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macUsername stringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- name string
- RADIUS server entry name.
- nasId string
- Custom NAS identifier.
- nasId stringType 
- NAS identifier type configuration (default = legacy). Valid values: legacy,custom,hostname.
- nasIp string
- IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- passwordEncoding string
- Password encoding. Valid values: auto,ISO-8859-1.
- passwordRenewal string
- Enable/disable password renewal. Valid values: enable,disable.
- radiusCoa string
- Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: enable,disable.
- radiusPort number
- RADIUS service port number.
- rsso string
- Enable/disable RADIUS based single sign on feature. Valid values: enable,disable.
- rssoContext numberTimeout 
- Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rssoEndpoint stringAttribute 
- RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- rssoEndpoint stringBlock Attribute 
- RADIUS attributes used to block a user. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- rssoEp stringOne Ip Only 
- Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: enable,disable.
- rssoFlush stringIp Session 
- Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: enable,disable.
- rssoLog stringFlags 
- Events to log. Valid values: protocol-error,profile-missing,accounting-stop-missed,accounting-event,endpoint-block,radiusd-other,none.
- rssoLog numberPeriod 
- Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rssoRadius stringResponse 
- Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: enable,disable.
- rssoRadius numberServer Port 
- UDP port to listen on for RADIUS Start and Stop records.
- rssoSecret string
- RADIUS secret used by the RADIUS accounting server.
- rssoValidate stringRequest Secret 
- Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: enable,disable.
- secondarySecret string
- Secret key to access the secondary server.
- secondaryServer string
- {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secret string
- Pre-shared secret key used to access the primary RADIUS server.
- server string
- Primary RADIUS server CN domain name or IP address.
- serverIdentity stringCheck 
- Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: enable,disable.
- sourceIp string
- Source IP address for communications to the RADIUS server.
- ssoAttribute string
- RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- ssoAttribute stringKey 
- Key prefix for SSO group value in the SSO attribute.
- ssoAttribute stringValue Override 
- Enable/disable override old attribute value with new value for the same endpoint. Valid values: enable,disable.
- statusTtl number
- Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switchController numberAcct Fast Framedip Detect 
- Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- switchController stringNas Ip Dynamic 
- Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: enable,disable.
- switchController stringService Type 
- RADIUS service type. Valid values: login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative.
- tertiarySecret string
- Secret key to access the tertiary server.
- tertiaryServer string
- {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout number
- Time in seconds between re-sending authentication requests.
- tlsMin stringProto Version 
- Minimum supported protocol version for TLS connections (default is to follow system global setting).
- transportProtocol string
- Transport protocol to be used (default = udp). Valid values: udp,tcp,tls.
- useManagement stringVdom 
- Enable/disable using management VDOM to send requests. Valid values: enable,disable.
- usernameCase stringSensitive 
- Enable/disable case sensitive user names. Valid values: enable,disable.
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- account_key_ strcert_ field 
- Define subject identity field in certificate for user access right checking.
- account_key_ strprocessing 
- Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same,strip.
- accounting_servers Sequence[RadiusAccounting Server Args] 
- Additional accounting servers. The structure of accounting_serverblock is documented below.
- acct_all_ strservers 
- Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: enable,disable.
- acct_interim_ intinterval 
- Time in seconds between each accounting interim update message.
- all_usergroup str
- Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable,enable.
- auth_type str
- Authentication methods/protocols permitted for this RADIUS server. Valid values: auto,ms_chap_v2,ms_chap,chap,pap.
- ca_cert str
- CA of server to trust under TLS.
- call_station_ strid_ type 
- Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy,IP,MAC.
- classes
Sequence[RadiusClass Args] 
- Class attribute name(s). The structure of classblock is documented below.
- client_cert str
- Client certificate to use under TLS.
- delimiter str
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values: plus,comma.
- dynamic_sort_ strsubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- get_all_ strtables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- group_override_ strattr_ type 
- RADIUS attribute type to override user group information. Valid values: filter-Id,class.
- h3c_compatibility str
- Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: enable,disable.
- interface str
- Specify outgoing interface to reach server.
- interface_select_ strmethod 
- Specify how to select outgoing interface to reach server. Valid values: auto,sdwan,specify.
- mac_case str
- MAC authentication case (default = lowercase). Valid values: uppercase,lowercase.
- mac_password_ strdelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- mac_username_ strdelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- name str
- RADIUS server entry name.
- nas_id str
- Custom NAS identifier.
- nas_id_ strtype 
- NAS identifier type configuration (default = legacy). Valid values: legacy,custom,hostname.
- nas_ip str
- IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- password_encoding str
- Password encoding. Valid values: auto,ISO-8859-1.
- password_renewal str
- Enable/disable password renewal. Valid values: enable,disable.
- radius_coa str
- Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: enable,disable.
- radius_port int
- RADIUS service port number.
- rsso str
- Enable/disable RADIUS based single sign on feature. Valid values: enable,disable.
- rsso_context_ inttimeout 
- Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rsso_endpoint_ strattribute 
- RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- rsso_endpoint_ strblock_ attribute 
- RADIUS attributes used to block a user. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- rsso_ep_ strone_ ip_ only 
- Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: enable,disable.
- rsso_flush_ strip_ session 
- Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: enable,disable.
- rsso_log_ strflags 
- Events to log. Valid values: protocol-error,profile-missing,accounting-stop-missed,accounting-event,endpoint-block,radiusd-other,none.
- rsso_log_ intperiod 
- Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rsso_radius_ strresponse 
- Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: enable,disable.
- rsso_radius_ intserver_ port 
- UDP port to listen on for RADIUS Start and Stop records.
- rsso_secret str
- RADIUS secret used by the RADIUS accounting server.
- rsso_validate_ strrequest_ secret 
- Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: enable,disable.
- secondary_secret str
- Secret key to access the secondary server.
- secondary_server str
- {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secret str
- Pre-shared secret key used to access the primary RADIUS server.
- server str
- Primary RADIUS server CN domain name or IP address.
- server_identity_ strcheck 
- Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: enable,disable.
- source_ip str
- Source IP address for communications to the RADIUS server.
- sso_attribute str
- RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- sso_attribute_ strkey 
- Key prefix for SSO group value in the SSO attribute.
- sso_attribute_ strvalue_ override 
- Enable/disable override old attribute value with new value for the same endpoint. Valid values: enable,disable.
- status_ttl int
- Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switch_controller_ intacct_ fast_ framedip_ detect 
- Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- switch_controller_ strnas_ ip_ dynamic 
- Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: enable,disable.
- switch_controller_ strservice_ type 
- RADIUS service type. Valid values: login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative.
- tertiary_secret str
- Secret key to access the tertiary server.
- tertiary_server str
- {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout int
- Time in seconds between re-sending authentication requests.
- tls_min_ strproto_ version 
- Minimum supported protocol version for TLS connections (default is to follow system global setting).
- transport_protocol str
- Transport protocol to be used (default = udp). Valid values: udp,tcp,tls.
- use_management_ strvdom 
- Enable/disable using management VDOM to send requests. Valid values: enable,disable.
- username_case_ strsensitive 
- Enable/disable case sensitive user names. Valid values: enable,disable.
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- accountKey StringCert Field 
- Define subject identity field in certificate for user access right checking.
- accountKey StringProcessing 
- Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: same,strip.
- accountingServers List<Property Map>
- Additional accounting servers. The structure of accounting_serverblock is documented below.
- acctAll StringServers 
- Enable/disable sending of accounting messages to all configured servers (default = disable). Valid values: enable,disable.
- acctInterim NumberInterval 
- Time in seconds between each accounting interim update message.
- allUsergroup String
- Enable/disable automatically including this RADIUS server in all user groups. Valid values: disable,enable.
- authType String
- Authentication methods/protocols permitted for this RADIUS server. Valid values: auto,ms_chap_v2,ms_chap,chap,pap.
- caCert String
- CA of server to trust under TLS.
- callStation StringId Type 
- Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: legacy,IP,MAC.
- classes List<Property Map>
- Class attribute name(s). The structure of classblock is documented below.
- clientCert String
- Client certificate to use under TLS.
- delimiter String
- Configure delimiter to be used for separating profile group names in the SSO attribute (default = plus character "+"). Valid values: plus,comma.
- dynamicSort StringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- getAll StringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- groupOverride StringAttr Type 
- RADIUS attribute type to override user group information. Valid values: filter-Id,class.
- h3cCompatibility String
- Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. Valid values: enable,disable.
- interface String
- Specify outgoing interface to reach server.
- interfaceSelect StringMethod 
- Specify how to select outgoing interface to reach server. Valid values: auto,sdwan,specify.
- macCase String
- MAC authentication case (default = lowercase). Valid values: uppercase,lowercase.
- macPassword StringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macUsername StringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- name String
- RADIUS server entry name.
- nasId String
- Custom NAS identifier.
- nasId StringType 
- NAS identifier type configuration (default = legacy). Valid values: legacy,custom,hostname.
- nasIp String
- IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes.
- passwordEncoding String
- Password encoding. Valid values: auto,ISO-8859-1.
- passwordRenewal String
- Enable/disable password renewal. Valid values: enable,disable.
- radiusCoa String
- Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: enable,disable.
- radiusPort Number
- RADIUS service port number.
- rsso String
- Enable/disable RADIUS based single sign on feature. Valid values: enable,disable.
- rssoContext NumberTimeout 
- Time in seconds before the logged out user is removed from the "user context list" of logged on users.
- rssoEndpoint StringAttribute 
- RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- rssoEndpoint StringBlock Attribute 
- RADIUS attributes used to block a user. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- rssoEp StringOne Ip Only 
- Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. Valid values: enable,disable.
- rssoFlush StringIp Session 
- Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. Valid values: enable,disable.
- rssoLog StringFlags 
- Events to log. Valid values: protocol-error,profile-missing,accounting-stop-missed,accounting-event,endpoint-block,radiusd-other,none.
- rssoLog NumberPeriod 
- Time interval in seconds that group event log messages will be generated for dynamic profile events.
- rssoRadius StringResponse 
- Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: enable,disable.
- rssoRadius NumberServer Port 
- UDP port to listen on for RADIUS Start and Stop records.
- rssoSecret String
- RADIUS secret used by the RADIUS accounting server.
- rssoValidate StringRequest Secret 
- Enable/disable validating the RADIUS request shared secret in the Start or End record. Valid values: enable,disable.
- secondarySecret String
- Secret key to access the secondary server.
- secondaryServer String
- {<name_str|ip_str>} secondary RADIUS CN domain name or IP.
- secret String
- Pre-shared secret key used to access the primary RADIUS server.
- server String
- Primary RADIUS server CN domain name or IP address.
- serverIdentity StringCheck 
- Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: enable,disable.
- sourceIp String
- Source IP address for communications to the RADIUS server.
- ssoAttribute String
- RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. Valid values: User-Name,NAS-IP-Address,Framed-IP-Address,Framed-IP-Netmask,Filter-Id,Login-IP-Host,Reply-Message,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Zone,Acct-Session-Id,Acct-Multi-Session-Id.
- ssoAttribute StringKey 
- Key prefix for SSO group value in the SSO attribute.
- ssoAttribute StringValue Override 
- Enable/disable override old attribute value with new value for the same endpoint. Valid values: enable,disable.
- statusTtl Number
- Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- switchController NumberAcct Fast Framedip Detect 
- Switch controller accounting message Framed-IP detection from DHCP snooping (seconds, default=2).
- switchController StringNas Ip Dynamic 
- Enable/Disable switch-controller nas-ip dynamic to dynamically set nas-ip. Valid values: enable,disable.
- switchController StringService Type 
- RADIUS service type. Valid values: login,framed,callback-login,callback-framed,outbound,administrative,nas-prompt,authenticate-only,callback-nas-prompt,call-check,callback-administrative.
- tertiarySecret String
- Secret key to access the tertiary server.
- tertiaryServer String
- {<name_str|ip_str>} tertiary RADIUS CN domain name or IP.
- timeout Number
- Time in seconds between re-sending authentication requests.
- tlsMin StringProto Version 
- Minimum supported protocol version for TLS connections (default is to follow system global setting).
- transportProtocol String
- Transport protocol to be used (default = udp). Valid values: udp,tcp,tls.
- useManagement StringVdom 
- Enable/disable using management VDOM to send requests. Valid values: enable,disable.
- usernameCase StringSensitive 
- Enable/disable case sensitive user names. Valid values: enable,disable.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
Supporting Types
RadiusAccountingServer, RadiusAccountingServerArgs      
- Id int
- ID (0 - 4294967295).
- Interface string
- Specify outgoing interface to reach server.
- InterfaceSelect stringMethod 
- Specify how to select outgoing interface to reach server. Valid values: auto,sdwan,specify.
- Port int
- RADIUS accounting port number.
- Secret string
- Secret key.
- Server string
- {<name_str|ip_str>} Server CN domain name or IP.
- SourceIp string
- Source IP address for communications to the RADIUS server.
- Status string
- Status. Valid values: enable,disable.
- Id int
- ID (0 - 4294967295).
- Interface string
- Specify outgoing interface to reach server.
- InterfaceSelect stringMethod 
- Specify how to select outgoing interface to reach server. Valid values: auto,sdwan,specify.
- Port int
- RADIUS accounting port number.
- Secret string
- Secret key.
- Server string
- {<name_str|ip_str>} Server CN domain name or IP.
- SourceIp string
- Source IP address for communications to the RADIUS server.
- Status string
- Status. Valid values: enable,disable.
- id Integer
- ID (0 - 4294967295).
- interfaceSelect StringMethod 
- Specify how to select outgoing interface to reach server. Valid values: auto,sdwan,specify.
- interface_ String
- Specify outgoing interface to reach server.
- port Integer
- RADIUS accounting port number.
- secret String
- Secret key.
- server String
- {<name_str|ip_str>} Server CN domain name or IP.
- sourceIp String
- Source IP address for communications to the RADIUS server.
- status String
- Status. Valid values: enable,disable.
- id number
- ID (0 - 4294967295).
- interface string
- Specify outgoing interface to reach server.
- interfaceSelect stringMethod 
- Specify how to select outgoing interface to reach server. Valid values: auto,sdwan,specify.
- port number
- RADIUS accounting port number.
- secret string
- Secret key.
- server string
- {<name_str|ip_str>} Server CN domain name or IP.
- sourceIp string
- Source IP address for communications to the RADIUS server.
- status string
- Status. Valid values: enable,disable.
- id int
- ID (0 - 4294967295).
- interface str
- Specify outgoing interface to reach server.
- interface_select_ strmethod 
- Specify how to select outgoing interface to reach server. Valid values: auto,sdwan,specify.
- port int
- RADIUS accounting port number.
- secret str
- Secret key.
- server str
- {<name_str|ip_str>} Server CN domain name or IP.
- source_ip str
- Source IP address for communications to the RADIUS server.
- status str
- Status. Valid values: enable,disable.
- id Number
- ID (0 - 4294967295).
- interface String
- Specify outgoing interface to reach server.
- interfaceSelect StringMethod 
- Specify how to select outgoing interface to reach server. Valid values: auto,sdwan,specify.
- port Number
- RADIUS accounting port number.
- secret String
- Secret key.
- server String
- {<name_str|ip_str>} Server CN domain name or IP.
- sourceIp String
- Source IP address for communications to the RADIUS server.
- status String
- Status. Valid values: enable,disable.
RadiusClass, RadiusClassArgs    
- Name string
- Class name.
- Name string
- Class name.
- name String
- Class name.
- name string
- Class name.
- name str
- Class name.
- name String
- Class name.
Import
User Radius can be imported using any of these accepted formats:
$ pulumi import fortios:user/radius:Radius labelname {{name}}
If you do not want to import arguments of block:
$ export “FORTIOS_IMPORT_TABLE”=“false”
$ pulumi import fortios:user/radius:Radius labelname {{name}}
$ unset “FORTIOS_IMPORT_TABLE”
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortios pulumiverse/pulumi-fortios
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the fortiosTerraform Provider.
