Make sure to enable the "Use Remote Groups" in the Authentication section of the Serial & Network configuration.
Chris Hart
Original Message:
Sent: 5/18/2023 1:59:00 PM
From: ahollifield
Subject: RE: Authorization using TACACS+
Based on that screenshot, ClearPass is responding with the Deny. So the OpenGear seems not to be listening to that or doesn't know what to do with it. What do the OpenGear logs say? What TACACS+ attributes does the OpenGear require?
Original Message:
Sent: May 18, 2023 12:16 PM
From: afasanella
Subject: Authorization using TACACS+
Service is enabled and just realized I am getting authorization to work for the group I want it to but when a user who should not be able to access device attempts to they are getting authenticated and though authorization is failing, and they are able to access the device. They get assigned [other] role and TACACS+ deny Profile should be enforced.
Original Message:
Sent: May 18, 2023 10:03 AM
From: ahollifield
Subject: Authorization using TACACS+
Is the Service not enabled?
Original Message:
Sent: May 18, 2023 09:22 AM
From: afasanella
Subject: Authorization using TACACS+
Attempting to use TACACS for authenticate/authorization with our OpenGear console server. I am able to Authenticate without issues but Authorization keep failing. I am getting message that raccess is not enabled, and no enforcement profiles matched to perform command authorization. I have created enforcement profile though using raccess service. Screenshots below are from Access Tracker session details:
Appreciate any help that can be provide.