故障描述:
由于用户管理员离职需要在Fortigate中删除对应的管理员账号,删除时出现报错,用户确认该用户当前未登录
处理过程:
进入CLI尝试删除该账号发现报错,可能仍有用户不确定的客户端当前仍存在连接状态
RS-FGT30E # config system admin
RS-FGT30E (admin) # delete testadmin
Cannot delete admin while 'testadmin' is logged in!
command_cli_delete:6532 delete table entry testadmin unset oper error ret=-14
Command fail. Return code -14
查看当前管理员登录状态发现确实存在会话
RS-FGT30E # get system info admin status
Index User name Login type From
Logged in users: 2
USERNAME TYPE FROM TIME
admin ssh 121.239.85.247 Fri Jul 21 15:22:43 2023
testadmin https 121.239.85.247 Fri Jul 21 15:24:26 2023
查看会话的Index并删除会话
RS-FGT30E # execute disconnect-admin-session
<integer> Index of admin to be disconnected
Currently connected admins:
INDEX USERNAME TYPE VDOM PROFILE FROM TIME
0 admin ssh root super_admin 121.239.85.247 Fri Jul 21 15:22:43 2023
1 testadmin https root super_admin 121.239.85.247 Fri Jul 21 15:24:26 2023
RS-FGT30E # execute disconnect-admin-session 1
Disconnecting administrator testadmin
确认该用户已无会话,正常删除管理员账号
RS-FGT30E # get system info admin status
Index User name Login type From
Logged in users: 1
USERNAME TYPE FROM TIME
admin ssh 121.239.85.247 Fri Jul 21 15:22:43 2023
RS-FGT30E # config system admin
RS-FGT30E (admin) # delete testadmin
RS-FGT30E (admin) # end
RS-FGT30E #