Variable | Description | Default |
<name_str> | Enter the name of the administrator account. | |
access-profile <profile_name> | Enter the name of an access profile that determines which functional areas the administrator account may view or affect. | |
auth-strategy {ldap | local | local-plus-radius | pki | radius} | Select the local or remote type of authentication that the administrator will be able to use: • ldap • local • radius • radius-plus-local • pki | local |
domain <admin_domain_str> | Enter the name of a protected domain to restrict the administrator account to settings for that protected domain. | |
is-system-domain {no | yes} | Enter yes to indicate that the administrator account may view all settings on the FortiMail unit. | yes |
language <lang_str> | Enter this administrator account’s preference for the display language of the web-based manager. Available languages vary by whether or not you have installed additional language resource files. To view a list of languages, enter a question mark ( ? ). | english |
ldap-profile <profile_name> | If auth-strategy is ldap, enter the LDAP profile you want to use. | |
password <password_str> | If auth-strategy is local or radius-plus-local, enter the password for the administrator account. Caution: Do not enter a FortiMail administrator password less than six characters long. For better security, enter a longer password with a complex combination of characters and numbers, and change the password regularly. Failure to provide a strong password could compromise the security of your FortiMail unit. | |
pkiuser <pkiuser_str> | If auth-strategy is pki, enter the name of a PKI user. Whether the administrator is required to log in only with a valid personal certificate or password-style authentication fallback is allowed varies by your configuration of pki-mode {enable | disable}. | |
radius-permission-check {enable | disable} | If auth-strategy is local or radius-plus-local, enable to query the RADIUS server for the permissions attribute. | disable |
radius-profile <profile_int> | If auth-strategy is local or radius-plus-local, enter the index number of a RADIUS authentication profile. | |
radius-subtype-id <subtype_int>] | If auth-strategy is local or radius-plus-local, and radius-permission-check is enable, enter the RADIUS subtype identifier. | 0 |
radius-vendor-id <vendor_int> | If auth-strategy is local or radius-plus-local, and radius-permission-check is enable, enter the RADIUS vendor identifier. | 0 |
sshkey <key_str> | Enter the SSH key string surrounded in single straight quotes ( ' ). When connecting from an SSH client that presents this key, the administrator will not need to provide their account name and password in order to log in to the CLI. | |
trusthosts <host_ipv4mask> | Enter one to three IP addresses and netmasks from which the administrator can log in to the FortiMail unit. Separate each IP address and netmask pair with a comma ( , ). To allow the administrator to authenticate from any IP address, enter 0.0.0.0/0.0.0.0. | 0.0.0.0/0.0.0.0 |
webmode (basic | advanced) | Enter which display mode will initially appear when the administrator logs in to the web-based manager. The administrator may switch the display mode during their session; this affects only the initial state of the display. | basic |