Clearpass TACACS deny specific user
01-18-2017 11:42 PM
Straight to the point. The network device which is using TACACS+ for authentication is a Fortigate. I have a local user in Fortigate which is configured as a remote user, so Fortigate tries to authenticate it against TACACS.
My problem is: how can I deny that local user from logging in to Fortigate? Fortigate is correctly configured, because with another TACACS+ product I'm not able to log in to Fortigate.
All I want to do: when the connection between Fortigate and Clearpass is up, the local user is denied by Clearpass. When the connection is down, the local user is able to connect. With another TACACS product this is working.
I can see from the Clearpass Access Tracker that it denies the local user login, but I'm still able to log in to Fortigate.
Can anyone help me please?
Re: Clearpass TACACS deny specific user
01-19-2017 04:18 AM
For example, on the controller you can specify that no local management users will be used if TACACS or RADIUS is up...
*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*