Attempting to use TACACS for authentication/authorization with our OpenGear console server. I am able to authenticate without issues, but authorization keeps failing. I am getting a message that raccess is not enabled, and no enforcement profiles matched to perform command authorization. I have created an enforcement profile, though, using the raccess service. Screenshots below are from Access Tracker session details:
Appreciate any help that can be provided.
Is the Service not enabled?
Service is enabled, and I just realized I am getting authorization to work for the group I want it to, but when a user who should not be able to access the device attempts to, they are getting authenticated and, though authorization is failing, they are able to access the device. They get assigned the [other] role and the TACACS+ deny Profile should be enforced.
Based on that screenshot, ClearPass is responding with the Deny. So the OpenGear seems not to be listening to that or doesn't know what to do with it. What do the OpenGear logs say? What TACACS+ attributes does the OpenGear require?
Make sure to enable "Use Remote Groups" in the Authentication section of the Serial & Network configuration.
Thank you, it was a setting on OpenGear that needed to be made. They had a netgrp that automatically provided admin permissions; once the group was disabled, authorization was working.