FortiAnalyzer
Nur
Staff
Article Id 206332
Description

This article describes a case where a TACACS+ user assigned the Super_User admin profile behaves as a Standard_User, and the System Settings icon does not appear in the GUI.

Scope

Example:

Username 'lala', a TACACS+ user, is configured with the Super_User profile.

 


 

When logging in with the username 'lala', the System Settings icon is missing.

 


 

Running the debug commands below shows the following output:

 

Ertiga-kvm09 # diag debug application auth 8

Ertiga-kvm09 # diag debug timestamp enable

Ertiga-kvm09 # diag debug enable


: auth request: user=lala from=GUI(192.168.244.154)
: wildcard admin: testing
: start tacacs+: fac
: wildcard admin: lala
: connecting to server 0: 10.47.2.45 ip=10.47.2.45 port=49
 fac: connected
 fac: sent authen-start: type=pap
 fac: got authen-reply: pass(1)
 fac: authorization disabled, skip groups/profile/adoms
 fac: success
 : matched wildcard admin: testing <<< FortiAnalyzer detects the 'lala' username as the 'testing' username.
: auth result: success

Solution

When creating a username on FortiAnalyzer for the TACACS+ user profile, untick the 'Match all users on remote server' box.

 


 

In addition to unticking the box, leave the password and new password fields blank, as FortiAnalyzer will search for the username on the TACACS+ server, which is 'fac'.

 


 

Running the debug commands below now shows the following output:

 

Ertiga-kvm09 # diag debug application auth 8

Ertiga-kvm09 # diag debug timestamp enable

Ertiga-kvm09 # diag debug enable

 

: auth request: user=ahp1 from=GUI(192.168.244.154)
: found admin: ahp1
: start tacacs+: fac
fac: connecting to server 0: 10.47.2.45 ip=10.47.2.45 port=49
fac: connected
fac: sent authen-start: type=pap
fac: got authen-reply: pass(1)
fac: authorization disabled, skip groups/profile/adoms
fac: success
: auth result: success
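
An added example, not part of the original article or Fortinet's own tooling: a Python check over captured `diag debug application auth 8` output that flags successful logins mapped onto a differently named wildcard admin entry instead of a dedicated admin account. The sample lines are abridged from the two debug sessions above; the function names are hypothetical.

```python
import re

# Abridged from the two debug sessions shown in this article.
SAMPLE = """\
: auth request: user=lala from=GUI(192.168.244.154)
: start tacacs+: fac
 fac: authorization disabled, skip groups/profile/adoms
 : matched wildcard admin: testing
: auth result: success
: auth request: user=ahp1 from=GUI(192.168.244.154)
: found admin: ahp1
fac: authorization disabled, skip groups/profile/adoms
: auth result: success
"""

REQ = re.compile(r"auth request: user=(\S+) from=(\S+)")
MATCHED = re.compile(r"matched wildcard admin: ([^\s<]+)")  # stops at a trailing '<<<' note
FOUND = re.compile(r"found admin: (\S+)")
RESULT = re.compile(r"auth result: (\S+)")


def review_auth_debug(text):
    """Return one record per auth request found in the debug output."""
    records, cur = [], None
    for line in text.splitlines():
        if m := REQ.search(line):
            cur = {"user": m.group(1), "source": m.group(2), "admin_entry": None,
                   "via_wildcard": False, "remote_authz": True, "result": None}
            records.append(cur)
        elif cur is None:
            continue  # output before the first auth request
        elif m := MATCHED.search(line):
            cur["admin_entry"], cur["via_wildcard"] = m.group(1), True
        elif m := FOUND.search(line):
            cur["admin_entry"] = m.group(1)
        elif "authorization disabled" in line:
            cur["remote_authz"] = False  # groups/profile/adoms not taken from TACACS+
        elif m := RESULT.search(line):
            cur["result"] = m.group(1)
    return records


def wildcard_logins(text):
    """Successful logins mapped onto a differently named wildcard admin entry."""
    return [r for r in review_auth_debug(text)
            if r["result"] == "success" and r["via_wildcard"] and r["admin_entry"] != r["user"]]
```

On the sample, only the 'lala' login is flagged, since it resolved to the wildcard entry 'testing', while 'ahp1' matched its own admin account.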
