Occasional Contributor II

Clearpass TACACS deny specific user



Straight to the point. The network device which is using TACACS+ for authentication is a Fortigate. I have a local user in the Fortigate which is configured as a remote user, so the Fortigate tries to authenticate it against TACACS.


My problem is: how can I deny that local user from logging in to the Fortigate? The Fortigate is correctly configured, because with another TACACS+ product I'm not able to log in to the Fortigate.


All I want to do: when the connection between the Fortigate and Clearpass is up, the local user is denied by Clearpass. When the connection is down, the local user is able to connect. With another TACACS product this is working.

I can see from the Clearpass Access Tracker that it denies the local user login, but I'm still able to log in to the Fortigate.


Can anyone help me please?




Guru Elite

Re: Clearpass TACACS deny specific user

Typically that behavior is managed on the NAS, or in this case the Fortigate...

For example, on the controller you can specify that no local management users will be used if TACACS or RADIUS is up...

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*