support Posted May 28, 2019 Share Posted May 28, 2019 Step 1: Ensure you have prerequisites set up for your web server and hosts, as per this forum post (Once off process) Step 2: Add new Password Record configured as follows: Screen 1: Ensure you configure the below 5 options correctly and enter in the password for the account. If you configure an Expiry Date it will automatically change the password when that date is reached. Screen 2: Confirm you select the appropriate Reset Fortigate Password script. Fortigate accounts can reset their own password, so there is no need to create and assign a privileged account. However if you want to choose one SuperAdmin account to perform the resetting across all your devices, then setting a Privileged account here would be advisable. This privileged account will need to have the same username and password across all your devices. Confirm the Password Reset Schedule is enabled if you want the password to automatically change when the Expiry Date occurs Screen 3: Confirm the Validate Password for Fortigate Account validation script is selected Some More notes about Linux Resets: You also have the option to automate all of this by using a Fortigate Discovery job. These can be set up under the Tools Menu and more information about them can be found under Help -> User Manual -> Passwords -> Tools Menu -> Account Discovery. Regards, Support Link to comment Share on other sites More sharing options...
Dickiedik Posted July 28, 2020 Share Posted July 28, 2020 We've setup this for one of our local fortinet admin accounts as a test but this is not working We don't use a privileged account When we check out the account and check it in, a password reset is queued, After that we see the reset icon change to green. And a message is logged that the account pw is succesfully reset " The Passwordstate Windows Service successfully processed the Password Reset Script 'Reset Fortigate Password' against Host" But when we checkout the account again, and use the heart to verify the username password an error is logged. Username/password incorrect. Log message: A manual Account Heartbeat check failed to validated the password for account <account> of Account Type 'Fortigate' on Host <host> After some time the heartbeat icon is also turned to red. After some troubleshooting we found out that although pwstate reports the account password is reset, it is still using the previous password (so in other words password is not changed at all) Any helps would be appriciated. Regards Dick Link to comment Share on other sites More sharing options...
support Posted July 29, 2020 Author Share Posted July 29, 2020 Hello Dickiedik, We have no experience this ourselves, but can you let us know what build number of Passwordstate you are using, and also what version of the Fortigate firewalls software, and we'll do some testing to see if we can replicate the issue? Thanks Click Studios Link to comment Share on other sites More sharing options...
support Posted July 29, 2020 Author Share Posted July 29, 2020 Hi Dickiedik, Also, could you please test something for us to see if we can get an error message for this? Steps to manually test this are below: 1. Go to Administration -> Powershell Scripts -> Scripts - Password Reset and find the Fortigate reset script. Use the Actions Menu for this script and select "Test Script Manually" 2. Now comment out line 129 and add $results.tostring to line 130 (screenshot below) 3. if you now use the field on that screen to enter the hostname, port, account etc, try running the script and it should give you some verbose output. Could you copy that and paste it in a reply to this forum? If you want to email this you can on support@clickstudios.com.au Regards, Support. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now