Under tac_plus shruberry, the configuration is similar.
shrubberry ( http://www.shrubbery.net/tac_plus/ )
Under tacaces.net you will deploy this in the authorization.xml group sections
tacacs.net ( http://tacacs.net/documentation.asp )
Don't forget that fortiOS has a diagnostics debug command that will show you what's being passed.
Alternatively you can use the diag debug app fnbamd -1 to see what & how the final tacacs reply-authorization status for accept reply.
Both are great diagnostic tools and methods for troubleshooting authserver for both local or remote accounts.
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
=( @ @ )=