Occasional Contributor II
Posts: 11
Registered: ‎01-18-2017

Clearpass TACACS deny specific user

Hi,

Straight to the point. The network device which is using TACACS+ for authentication is a Fortigate. I have a local user in the Fortigate which is configured as a remote user, so the Fortigate tries to authenticate it against TACACS.

My problem is: how can I deny that local user from logging in to the Fortigate? The Fortigate is correctly configured, because with another TACACS+ product I'm not able to log in to the Fortigate.

All I want to do: when the connection between the Fortigate and Clearpass is up, the local user is denied by Clearpass. When the connection is down, the local user is able to connect. With another TACACS product this is working.

I can see from the Clearpass Access Tracker that it denies the local user login, but I'm still able to log in to the Fortigate.

Can anyone help me please?

Guru Elite
Posts: 20,811
Registered: ‎03-29-2007

Re: Clearpass TACACS deny specific user

Typically that behavior is managed on the NAS, or in this case the Fortigate...

For example, on the controller you can specify that no local management users will be used if TACACS or RADIUS is up...


Colin Joseph
Aruba Customer Engineering
