- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- FG50B - lost super_admin access profile?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FG50B - lost super_admin access profile?
Current OS: MR6-sp1
- I cannot assign " super_admin" profile (nor GUI, nor CLI)
- It doesn' t show at GUI / system / admin / profiles
- If I try to create a profile named " super_admin" , I get a " duplicated name..." error
Presently, it is not a problem (I have an Admin account); but may be tomorrow I' ll have to do some management requiring " super_admin" account...
Any hint?
RØ
BACKGROUND:
May be it is related to a serious problem with an MR4 fw (a year ago):
---------------
Initializing firewall...
System is started.
Failed to save PRNG state.
failed to change to (/data/./config/)
...
Error generating self-signed certificate
unknown operation mode(0)
The system is going down NOW !!
---------------
over and over again
Following KB and Forums advices, I did
- an HQIP (everything correct)
- a Format + Get-from-tftp (again MR4)
- an Admin password reset (I couldn' t log in)
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi,
in order to understand your problem, could you post the output of cli command
" show full-configuration system admin" please?
regards
/ Abel
regards
/ Abel
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My problem:
I thought there would be a " super_admin" access profile. But I cannot assign it to any account.
My " full config etc. etc.:
FGT50B $ show full-configuration system admin
config system admin
edit " admin"
set remote-auth disable
set peer-auth disable
set trusthost1 0.0.0.0 0.0.0.0
set trusthost2 0.0.0.0 0.0.0.0
set trusthost3 0.0.0.0 0.0.0.0
set accprofile " prof_admin"
set comments ' '
set vdom " root"
unset ssh-public-key1
unset ssh-public-key2
unset ssh-public-key3
set schedule ' '
config dashboard
edit " licinfo"
set column 1
set status open
next
edit " jsconsole"
set column 1
set status close
next
edit " sysres"
set column 1
set show-fds-chart enable
set show-fortianalyzer-chart enable
set status open
next
edit " sysop"
set column 1
set status open
next
edit " sysinfo"
set column 2
set status open
next
edit " alert"
set column 2
set show-conserve-mode enable
set show-firmware-change enable
set show-system-restart enable
set status close
next
edit " statistics"
set column 2
set status open
next
set column 1
set show-fds-chart enable
set show-fortianalyzer-chart enable
set status open
next
edit " sysop"
set column 1
set status open
next
edit " sysinfo"
set column 2
set status open
next
edit " alert"
set column 2
set show-conserve-mode enable
set show-firmware-change enable
set show-system-restart enable
set status close
next
edit " statistics"
set column 2
set status open
next
end
set password ENC AK13DEr+pGzT+ etc..
next
end
FGT50B $
Thank you
RØ
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok, it' s clear now:
you only have an admin account with ' prof_admin' and no one with ' super_admin' profile.
Agree with you: you could need that profile for certain tasks.
Well, I don' t know other non-disruptive procedures that this one, mainly used for recover admin passwd;
maybe others in the forum could point another path.
use this thread as reference: http://support.fortinet.com/forum/tm.asp?m=41433
after logged as maintainer user you could type:
config system admin
edit " admin"
set accprofile " super_admin"
next
end
hope it helps,
regards
/ Abel
regards
/ Abel
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for your quick reply. As I' m now leaving the town (no, no problem with the sheriff), it' ll take some days before I try and I can say how it resulted.
See you
RØ
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You will only need the super_admin profile/account if you use virtual domains!! If you don' t have virtual domains, then there is no difference and you don' t need to bother actually!
I also sometimes lost the ' super_admin' profile, because i did backup and recover with only ' prof_admin' profiles! This is how it gets lost ;)!
cheers.roman
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It' s me again, back home.
Abel,
applied procedure and now I have a " super_admin" .
Roman,
I lost that profile after a reset-to-factory + restore-backup
Restored backup included only a ' config system admin' + ' edit " 1" ' . So may be I deleted the original " admin" account and created another one with that same name 
.
Anyway, everything is OK now.
Thank you all
RØ
.
Anyway, everything is OK now.
Thank you all
RØ
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey there,
Hope you are all doing well,
I have the same problem and I tried to recover the super admin account using CLI and maintainer account, but I got below error:
# edit "admin"
'maintainer' account can only edit existing admins.
node_check_object fail! for name admin
value parse error before 'admin'
Command fail. Return code -37
Is there any way to know the super admin account as I can't see them with my profil admin
Related Posts
Labels
-
FortiGate
6,498 -
FortiClient
1,298 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
413 -
5.6
362 -
FortiAP
333 -
FortiSwitch
332 -
FortiClient EMS
261 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
149 -
6.4
128 -
FortiNAC
104 -
FortiGuard
102 -
FortiGateCloud
87 -
FortiSIEM
86 -
FortiCloud Products
82 -
IPsec
70 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
58 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
19 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiCASB
12 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
FortiAuthenticator
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
NAT
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Security profile
5 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
NAC policy
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.