Insearchofanswers
New Member
September 20, 2016
Question

Adding multiple TACACS+ servers for auth

  • September 20, 2016
  • 2 replies
  • 6326 views

Currently we have FortiManager set up using 1 TACACS+ server and would like to update that since we have more than one server for redundancy. When I went to see if I could add a secondary server under System settings > Admin > Administrator, I noticed there is only a drop-down for one server, which is pointing to our Remote Auth Server TACACS+ (which is pointing to one node). If I go to add a remote auth server for RADIUS I notice there's an option to add a secondary server. I'm wondering if the only way to have automated failover to a backup remote AAA server is to use RADIUS? My only other thought is to add multiple administrators, each with the same accounts, pointing at different TACACS+ servers. Any help would be greatly appreciated. Thanks!!

    2 replies

    Insearchofanswers
    New Member
    October 3, 2016

    Anyone? I guess I'll test with multiple admins and if that doesn't work switch to radius...

    scao_FTNT
    Staff
    October 3, 2016

    Please check if the server group function helps for your case:


    config system admin group
        edit <name>
            set member <list of ldap, radius, and tacacs servers>
        next
    end

    config system admin user
        edit <remote admin name>
            set user_type group
            set group <user group name>
        next
    end

    Thanks
    Simon
    ergotherego
    New Member
    October 7, 2016

    I am on 5.4.1 and there is an option for a secondary (and tertiary) TACACS+ server:

    FMG # config system admin tacacs
    (tacacs)# edit test
    new entry 'test' added

    (test)# set ?
    *server {<name_str|ip_str>}             server domain name or IP.
    secondary-server {<name_str|ip_str>}    secondary server domain name or IP.
    tertiary-server {<name_str|ip_str>}     tertiary server domain name or IP.
    port                                    Port number of TACACS+ server.
    *key <password_str>                     key to access server.
    secondary-key <password_str>            key to access secondary server.
    tertiary-key <password_str>             key to access tertiary server.
    authen-type                             Authentication type.
    authorization                           Enable/disable TACACS+ authorization.
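A defender-side audit built on the CLI format shown in this thread, added here as an example (not code from the thread or from Fortinet): it parses a `config system admin tacacs` block in the config/edit/set/next/end layout seen above and flags entries that still rely on a single TACACS+ server, plus backup servers that name no key of their own (on the assumption, taken from the `set ?` output, that each tier has its own key). The sample configuration and the 192.0.2.x addresses are constructed.

```python
# Constructed sample in the FortiManager CLI layout shown in this thread.
SAMPLE_CONFIG = """\
config system admin tacacs
    edit "tac-single"
        set server 192.0.2.10
        set key ENC_PLACEHOLDER
    next
    edit "tac-redundant"
        set server 192.0.2.10
        set secondary-server 192.0.2.11
        set tertiary-server 192.0.2.12
        set key ENC_PLACEHOLDER
        set secondary-key ENC_PLACEHOLDER
    next
end
"""

def parse_entries(config_text, section):
    """Return {entry_name: {setting: value}} for one 'config <section>' block."""
    entries, current, in_section = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == f"config {section}":
            in_section = True
        elif not in_section:
            continue
        elif line == "end":            # end of the block we care about
            break
        elif line.startswith("edit "):
            current = line[5:].strip().strip('"')
            entries[current] = {}
        elif line == "next":
            current = None
        elif line.startswith("set ") and current is not None:
            key, _, value = line[4:].partition(" ")
            entries[current][key] = value.strip()
    return entries

def single_point_tacacs(config_text):
    """Names of TACACS+ entries with no secondary server (admin auth SPOF)."""
    entries = parse_entries(config_text, "system admin tacacs")
    return sorted(n for n, s in entries.items() if "secondary-server" not in s)

def missing_backup_keys(config_text):
    """(entry, tier) pairs where a backup server is set but its key is not."""
    entries = parse_entries(config_text, "system admin tacacs")
    return sorted((name, tier) for name, s in entries.items()
                  for tier in ("secondary", "tertiary")
                  if f"{tier}-server" in s and f"{tier}-key" not in s)
```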