Hi,
I'm having the same issue. I'm trying to authenticate 2 user’s types, 1 with super_admin access and one with readonly access. The issue I’ve been having is getting remote authorization working on the Fortigate. I can authenticate users using CPPM TACACS but authorization isn’t working.
The issue appears to be on the CPPM side and that the shell profile isn’t matching something on the Fortigate. The error message I see in CPPM and the shell profile is attached.
At the moment, I'm trying to get remote-auth to work for super_admin access by setting the admin profile to noaccess.
On the Fortigate I have set remote-auth, wildcard, accprofile-override and radius-vdom-override to enable.
I hope this makes sense, if not let me know needs clarifying.
Thanks
Sean