Hi guys,
We have a CPPM running 6.6.5.93747.
I've created a service to authenticate and authorize an admin user to log in to a Palo Alto Networks firewall using TACACS+. The authentication step is OK... The user can log in to the firewall using CPPM as the TACACS+ server. The problem is in authorization. I cannot enforce admin group privilege.
The PA firewall sent some parameters during the authentication process:
Authorization request sent with priv_lvl=1 user=tacacsuser service=PaloAlto protocol=firewall
I've attached Access Tracker "Authorizations" and "Alerts" screens with the errors.
I need to send back the attribute "PaloAlto-Admin-Role" with the name of the user profile.
Authorization support using TACACS+ is new in the PA firewall. It was included in the latest major version, released a month ago, so I don't know if someone else will have the same problem as me. Therefore, if you have another kind of scenario that I can copy, I would appreciate it.
Thank you.
Paulo R.