limvuihan
New Member
October 16, 2017
Question

[Solved] TACACS+ Fortigate doesn't challenge on authorization


Hi All,

 

I have two devices at different locations, a 100D and a 600C. Both devices are configured with the same configuration according to the KB.

 

100D

- did challenge authorization

- successful overwrite user profile

 

debug log

 

fnbamd_tac_plus.c[507] parse_authen_reply-authen result=1(pass)
fnbamd_tac_plus.c[282] sock_connect-trying server 1:
fnbamd_fsm.c[1034] fsm_tac_plus_result-Continue pending for req 2025560676
fnbamd_tac_plus.c[360] is_sock_connected-tcp connected x.x.x.x
fnbamd_tac_plus.c[528] build_author_req-building author req packet: authen_type=2(pap)
fnbamd_tac_plus.c[372] pak_send-Encrypting pkt

 

600C

- doesn't challenge authorization

debug log

fnbamd_tac_plus.c[507] parse_authen_reply-authen result=1(pass)
fnbamd_fsm.c[822] find_matched_usr_grps-Skipped group matching
fnbamd_comm.c[169] fnbamd_comm_send_result-Sending result 0 for req 1187971785
fnbamd_fsm.c[565] destroy_auth_session-delete session 1187971785

 

 

I'm wondering why the 600C doesn't challenge for authorization, since both configurations are the same.

 

The KB steps are not complete.

http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD33320&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=117824295&stateId=0%200%20117826054

 

Solved

CLI:

config user tacacs+
    edit xxxx
        set authorization enable
    next
end

 


    xsilver_FTNT
    Staff
    October 16, 2017

    Hi,

     

    Same FortiOS (which version are we talking about)?

    Do both configs truly have 'set authorization enable' in the TACACS+ user config on the FGT?

     

    Best regards,

    Tomas

    limvuihan
    Author
    New Member
    October 16, 2017

    version 5.2.10

     

    only 100D with 'set authorization enable'

     

    600C doesn't

     

    xsilver_FTNT
    Staff
    October 16, 2017

    Hi,

    So we are done here, and now you see why the 600D does not attempt to do any authorization.

    Best regards,

    Tomas
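
An added example (not part of the original thread, and not Fortinet code): a Python check that reads a FortiGate configuration backup and lists the `config user tacacs+` entries lacking `set authorization enable`, the difference that separated the 100D from the 600C in this thread. The sample configuration, entry names and addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of a FortiGate configuration backup (not from the thread).
SAMPLE_CONFIG = '''\
config user tacacs+
    edit "tac-100d"
        set authorization enable
    next
    edit "tac-600c"
        set server "192.0.2.11"
    next
    edit "tac-lab"
        set authorization disable
    next
end
config user group
    edit "admins"
        set member "tac-100d"
    next
end
'''

def tacacs_authorization(config_text):
    """Map each 'config user tacacs+' entry to True only if it has
    'set authorization enable'; a missing line counts as not enabled."""
    result, current = {}, None
    in_section, depth = False, 0  # depth: nested config blocks in the section
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line == "config user tacacs+"
            continue
        if line.startswith("config "):
            depth += 1
        elif line == "end":
            if depth == 0:
                in_section, current = False, None
            else:
                depth -= 1
        elif depth == 0 and (m := re.match(r'edit\s+"?([^"]+)"?$', line)):
            current = m.group(1)
            result[current] = False
        elif depth == 0 and line == "next":
            current = None
        elif depth == 0 and current and line.split() == ["set", "authorization", "enable"]:
            result[current] = True
    return result

def missing_authorization(config_text):
    return sorted(n for n, ok in tacacs_authorization(config_text).items() if not ok)
```

Calling `missing_authorization()` on each device's backup gives the TACACS+ entries to fix before comparing debug output between units.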