Monday, March 14, 2016 and fortigate

We've been testing the Windows AAA server, and I wanted to share the authorization profile that allows you to pass accprofile to the system admin user if set accprofile-override has been enabled for the wildcard account.

Under tac_plus (Shrubbery), the configuration is similar.

Shrubbery ( )

Under you will deploy this in the authorization.xml group sections    ( )
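
Both sides of the setup described above, as an added example that is not from the original post: the FortiGate wildcard admin with accprofile-override, and a tac_plus (Shrubbery) group that returns the profile. The server address, key placeholder and all object, group, user and profile names are assumptions; the fortigate service and admin_prof attribute are the ones Fortinet documents for TACACS+ authorization.

```text
# --- FortiGate CLI (the "#" lines are annotations, not commands) ---
# Assumed values: server 192.0.2.10, objects tac-lab / tac-admins / tac-wildcard,
# and a restrictive local profile "fallback_ro" that must already exist.
config user tacacs+
    edit "tac-lab"
        set server "192.0.2.10"
        set key <shared-secret>
        set authorization enable
    next
end
config user group
    edit "tac-admins"
        set member "tac-lab"
    next
end
config system admin
    edit "tac-wildcard"
        set remote-auth enable
        set wildcard enable
        set remote-group "tac-admins"
        # Local profile, used when the server returns no profile
        set accprofile "fallback_ro"
        set accprofile-override enable
    next
end

# --- tac_plus.conf (Shrubbery) ---
# Assumed group and user names; super_admin is the FortiOS built-in profile.
group = fgt_admins {
    service = fortigate {
        admin_prof = super_admin
    }
}
user = alice {
    member = fgt_admins
    # Assumes tac_plus was built with PAM support
    login = PAM
}
```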

Don't forget that FortiOS has a diagnostics debug command that will show you what's being passed.


Alternatively, you can use diag debug app fnbamd -1 to see what the final TACACS reply-authorization status is, and how it was reached, for the accept reply.

Both are great diagnostic tools and methods for troubleshooting the authserver for both local and remote accounts.

Ken Felix
NSE (Network Security Expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
        /  \
