Clearpass TACACS deny specific user

  • 1.  Clearpass TACACS deny specific user

    Posted Jan 19, 2017 02:42 AM

    Hi,

    Straight to the point. The network device using TACACS+ for authentication is a Fortigate. I have a local user in Fortigate which is configured as a remote user. So Fortigate tries to authenticate it against TACACS.

    My problem is: how can I deny that local user from logging in to Fortigate? Fortigate is correctly configured, because with another TACACS+ product I'm not able to log in to Fortigate.

    All I want to do: when the connection between Fortigate and Clearpass is up, the local user is denied by Clearpass. When the connection is down, the local user is able to connect. With another TACACS product this is working.

    I can see from the Clearpass Access Tracker that it denies the local user login, but I'm still able to log in to Fortigate.

    Can anyone help me please?

  • 2.  RE: Clearpass TACACS deny specific user

    EMPLOYEE
    Posted Jan 19, 2017 07:18 AM
    Typically that behavior is managed on the NAS, or in this case the Fortigate...

    For example, on the controller you can specify that no local management users will be used if TACACS or RADIUS is up...