01-18-2017 11:42 PM
Straight to the point. The network device which is using TACACS+ for authentication is a Fortigate. I have a local user in Fortigate which is configured as a remote user. So Fortigate tries to authenticate it against TACACS.
My problem is: how can I deny that local user from logging in to Fortigate? Fortigate is correctly configured, because with another TACACS+ product I'm not able to log in to Fortigate.
All I want to do: when the connection between Fortigate and Clearpass is up, the local user is denied by Clearpass. When the connection is down, the local user is able to connect. With another TACACS product this is working.
I can see from the Clearpass Access Tracker that it denies the local user login, but I'm still able to log in to Fortigate.
Can anyone help me please?
01-19-2017 04:18 AM
For example, on the controller you can specify that no local management users will be used if TACACS or RADIUS is up...
Aruba Customer Engineering