Monday, March 14, 2016

tacacs.net and fortigate

We've been testing the tacacs.net Windows AAA server, and I wanted to share the authorization profile that allows you to pass accprofile to the system admin user if set accprofile-override has been enabled for the wildcard account.

Under shrubbery tac_plus, the configuration is similar.

shrubbery ( http://www.shrubbery.net/tac_plus/ )
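As an added example (not the configuration from the original post), here is a tac_plus group that returns a profile name in the authorization reply, next to a FortiGate wildcard admin that accepts it. All names, the server address and the key are placeholders, and the returned profile is assumed to already exist on the FortiGate.

```conf
# --- tac_plus.conf (shrubbery tac_plus); names below are placeholders ---
group = fgt_admins {
    service = fortigate {
        # Profile name returned to the FortiGate; it must exist there.
        admin_prof = super_admin
    }
}
user = example_admin {
    member = fgt_admins
    login = file /etc/passwd
}

# --- FortiOS CLI; names, address and key below are placeholders ---
config user tacacs+
    edit "TACACS-SRV"
        set server "192.0.2.10"
        set key <shared-secret>
        # Without authorization enabled, no profile attribute is requested.
        set authorization enable
    next
end
config user group
    edit "TACACS-GRP"
        set member "TACACS-SRV"
    next
end
# Fallback profile, created with its default (no access) permissions.
config system accprofile
    edit "no_access"
    next
end
config system admin
    edit "tacacs-wildcard"
        set remote-auth enable
        set wildcard enable
        set remote-group "TACACS-GRP"
        # Applied when the server returns no profile: keep it least-privilege.
        set accprofile "no_access"
        # Let the profile from the TACACS+ reply replace the one above.
        set accprofile-override enable
    next
end
```

With the fallback profile set to a no-access one, a user whose TACACS+ group returns no profile logs in with no rights instead of inheriting an administrative profile.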


Under tacacs.net, you will deploy this in the group sections of authorization.xml.

tacacs.net    ( http://tacacs.net/documentation.asp )







Don't forget that FortiOS has a diagnostics debug command that will show you what's being passed.

e.g




Alternatively, you can use diag debug app fnbamd -1 to see what the final TACACS authorization reply status is, and how it was reached, for an accept reply.




Both are great diagnostic tools and methods for troubleshooting an authserver for both local and remote accounts.

Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
         o 
        /  \



